[alsa-devel] [PATCH] ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
Takashi Iwai
tiwai at suse.de
Mon Sep 10 17:34:51 CEST 2018
On Mon, 10 Sep 2018 17:19:32 +0200,
Takashi Iwai wrote:
>
> From: Willy Tarreau <w at 1wt.eu>
>
> snd_emu10k1_fx8010_ioctl(SNDRV_EMU10K1_IOCTL_INFO) allocates
> memory using kmalloc() and partially fills it by calling
> snd_emu10k1_fx8010_info() before returning the resulting
> structure to userspace, leaving uninitialized holes. Let's
> just use kzalloc() here.
>
> BugLink: http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html
BTW, for avoiding someone falling into the same pitfall like me:
you can forget about the case 2 in the URL above. It's invalid.
We have a complete copy_from_user() at first, so no leak happens.
Takashi
More information about the Alsa-devel
mailing list