tegra-profiler: fix security vulnerability issue
authorIgor Nabirushkin <inabirushkin@nvidia.com>
Thu, 18 Aug 2016 08:35:20 +0000 (11:35 +0300)
committerWinnie Hsu <whsu@nvidia.com>
Sat, 10 Sep 2016 00:45:49 +0000 (17:45 -0700)
Tegra Profiler: some fields of structs are not initialized.
So, when they are copied to user space, stack information leaks.

Bug 1797747

Change-Id: I2b00f30fa2e3360c412573d40faf96f45c113346
Signed-off-by: Igor Nabirushkin <inabirushkin@nvidia.com>
Reviewed-on: http://git-master/r/1204252
(cherry picked from commit 9a1fa9884ad5cbb8199d0dc5a56fd5845a544d44)
Reviewed-on: http://git-master/r/1208917
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Winnie Hsu <whsu@nvidia.com>
drivers/misc/tegra-profiler/comm.c

index e8c2c3acc71a5ea93660fea457338b75d389a078..781e0106b435a705759d6a33952599b19cf6897a 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * drivers/misc/tegra-profiler/comm.c
  *
- * Copyright (c) 2013-2015, NVIDIA CORPORATION.  All rights reserved.
+ * Copyright (c) 2013-2016, NVIDIA CORPORATION.  All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms and conditions of the GNU General Public License,
@@ -562,6 +562,7 @@ device_ioctl(struct file *file,
                break;
 
        case IOCTL_GET_CAP:
+               memset(&cap, 0, sizeof(cap));
                comm_ctx.control->get_capabilities(&cap);
                if (copy_to_user((void __user *)ioctl_param, &cap,
                                 sizeof(struct quadd_comm_cap))) {
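Review bot: In the IOCTL_GET_CAP case the new `memset(&cap, 0, sizeof(cap))` sizes the clear from the variable, while the `copy_to_user()` two lines below still sizes the copy from the type, `sizeof(struct quadd_comm_cap)`; the leak fix only holds while those two sizes agree. Tie them together by copying `sizeof(cap)` as well: `if (copy_to_user((void __user *)ioctl_param, &cap, sizeof(cap))) {`. A short comment above the memset would keep it from being dropped later as redundant, e.g. `/* cap is copied to user space in full: clear padding and any field get_capabilities() leaves unset */`. The declaration of `cap` and the rest of device_ioctl() lie outside this hunk, so whether other stack structs reach copy_to_user() uncleared cannot be checked from here.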
@@ -600,6 +601,8 @@ device_ioctl(struct file *file,
                break;
 
        case IOCTL_GET_VERSION:
+               memset(&versions, 0, sizeof(versions));
+
                strcpy((char *)versions.branch, QUADD_MODULE_BRANCH);
                strcpy((char *)versions.version, QUADD_MODULE_VERSION);