10 Sep 2018, 5:34 p.m.
On Mon, 10 Sep 2018 17:19:32 +0200, Takashi Iwai wrote:
> From: Willy Tarreau <w@1wt.eu>
> snd_emu10k1_fx8010_ioctl(SNDRV_EMU10K1_IOCTL_INFO) allocates memory using kmalloc() and partially fills it by calling snd_emu10k1_fx8010_info() before returning the resulting structure to userspace, leaving uninitialized holes. Let's just use kzalloc() here.
> BugLink: http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html
BTW, to keep anyone from falling into the same pitfall as I did: you can forget about case 2 in the URL above. It's invalid. We have a complete copy_from_user() at first, so no leak happens.
Takashi
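
Added example, not part of the original thread and not the driver's code: a userspace C model of the pattern the commit message describes, where a reply structure is allocated, only partly filled, and then copied out whole. The structure layout, the `model_kmalloc()`/`model_kzalloc()` helpers and the 0xA5 marker are constructed for illustration; `memcpy()` stands in for `copy_to_user()`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for old heap contents */

/* Hypothetical reply structure; NOT the driver's real layout. */
struct fx_info {
    unsigned char version;   /* compilers usually insert padding after this */
    unsigned int  tram_size;
    char          name[16];
    unsigned int  reserved;  /* never written by fill_info() */
};

static struct fx_info arena; /* the one "heap object" in this model */

/* Model of kmalloc(): returns memory still holding a previous owner's data. */
static struct fx_info *model_kmalloc(void)
{
    memset(&arena, STALE, sizeof(arena));
    return &arena;
}

/* Model of kzalloc(): same memory, cleared before it is handed out. */
static struct fx_info *model_kzalloc(void)
{
    memset(&arena, 0, sizeof(arena));
    return &arena;
}

/* Partial fill, as an info helper would do: some fields, short string. */
static void fill_info(struct fx_info *info)
{
    info->version = 1;
    info->tram_size = 0x2000;
    strcpy(info->name, "fx0");  /* writes 4 of the 16 bytes */
}

/* Allocate, fill, copy the WHOLE struct out; count stale bytes in the reply. */
static size_t stale_bytes_in_reply(int zeroed)
{
    unsigned char reply[sizeof(struct fx_info)];
    struct fx_info *info = zeroed ? model_kzalloc() : model_kmalloc();
    size_t i, n = 0;

    fill_info(info);
    memcpy(reply, info, sizeof(reply));  /* stands in for copy_to_user() */
    for (i = 0; i < sizeof(reply); i++)
        n += (reply[i] == STALE);
    return n;
}

int main(void)
{
    printf("kmalloc model: %zu stale bytes\n", stale_bytes_in_reply(0));
    printf("kzalloc model: %zu stale bytes\n", stale_bytes_in_reply(1));
    return 0;
}
```

The stale bytes come from three places: the unwritten field, the tail of the string buffer, and compiler padding, which is why zeroing the allocation is more robust than adding per-field initializers.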