diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2011-09-23 09:21:13 +0300 |
---|---|---|
committer | Jiri Kosina <jkosina@suse.cz> | 2011-09-27 01:33:10 +0200 |
commit | 9561f7faa45cb855b1ba83a4acf3f2ad3665e71f (patch) | |
tree | 89138048c81d60f29a1cc605c2aae679bdeb4850 /drivers/hid/usbhid | |
parent | 65b01bd561dc995aab116aa784f97a37f7c49a65 (diff) | |
download | op-kernel-dev-9561f7faa45cb855b1ba83a4acf3f2ad3665e71f.zip op-kernel-dev-9561f7faa45cb855b1ba83a4acf3f2ad3665e71f.tar.gz |
HID: hiddev: potential info leak in hiddev_ioctl()
Smatch has a new check for Rosenberg type information leaks where
structs are copied to the user with uninitialized stack data in them.
In this case, the hiddev_devinfo struct has a two byte hole.
struct hiddev_devinfo {
__u32 bustype; /* 0 4 */
__u32 busnum; /* 4 4 */
__u32 devnum; /* 8 4 */
__u32 ifnum; /* 12 4 */
__s16 vendor; /* 16 2 */
__s16 product; /* 18 2 */
__s16 version; /* 20 2 */
/* XXX 2 bytes hole, try to pack */
__u32 num_applications; /* 24 4 */
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'drivers/hid/usbhid')
-rw-r--r-- | drivers/hid/usbhid/hiddev.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c index 7c1188b..4ef02b2 100644 --- a/drivers/hid/usbhid/hiddev.c +++ b/drivers/hid/usbhid/hiddev.c @@ -641,6 +641,8 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) struct usb_device *dev = hid_to_usb_dev(hid); struct usbhid_device *usbhid = hid->driver_data; + memset(&dinfo, 0, sizeof(dinfo)); + dinfo.bustype = BUS_USB; dinfo.busnum = dev->bus->busnum; dinfo.devnum = dev->devnum; |