From e7e62d74cb3ff3da3e78e02856c9d2a2e18f47c5 Mon Sep 17 00:00:00 2001
From: Igor Nabirushkin
Date: Thu, 18 Aug 2016 11:35:20 +0300
Subject: [PATCH] tegra-profiler: fix security vulnerability issue Tegra Profiler: some fields of structs are not initialized. So, when they are copied to user space, stack information leaks. Bug 1797747
Change-Id: I2b00f30fa2e3360c412573d40faf96f45c113346
Signed-off-by: Igor Nabirushkin
Reviewed-on: http://git-master/r/1204252
(cherry picked from commit 9a1fa9884ad5cbb8199d0dc5a56fd5845a544d44)
Reviewed-on: http://git-master/r/1208917
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Winnie Hsu
---
 drivers/misc/tegra-profiler/comm.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/tegra-profiler/comm.c b/drivers/misc/tegra-profiler/comm.c
index e8c2c3acc71..781e0106b43 100644
--- a/drivers/misc/tegra-profiler/comm.c
+++ b/drivers/misc/tegra-profiler/comm.c
@@ -1,7 +1,7 @@
 /*
  * drivers/misc/tegra-profiler/comm.c
  *
- * Copyright (c) 2013-2015, NVIDIA CORPORATION. All rights reserved.
+ * Copyright (c) 2013-2016, NVIDIA CORPORATION. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms and conditions of the GNU General Public License,
@@ -562,6 +562,7 @@ device_ioctl(struct file *file,
 break;
 case IOCTL_GET_CAP:
+ memset(&cap, 0, sizeof(cap));
 comm_ctx.control->get_capabilities(&cap);
 if (copy_to_user((void __user *)ioctl_param, &cap, sizeof(struct quadd_comm_cap))) {
@@ -600,6 +601,8 @@ device_ioctl(struct file *file,
 break;
 case IOCTL_GET_VERSION:
+ memset(&versions, 0, sizeof(versions)); + strcpy((char *)versions.branch, QUADD_MODULE_BRANCH);
 strcpy((char *)versions.version, QUADD_MODULE_VERSION);
-- 2.39.2
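Review bot: In the `IOCTL_GET_CAP` case the buffer is cleared with `sizeof(cap)` but copied out with `sizeof(struct quadd_comm_cap)`; using `sizeof(cap)` in the `copy_to_user()` call as well would tie the zeroed length and the exported length to the same object. The `memset()` is what keeps padding, and any field `get_capabilities()` leaves unset, from reaching user space. A short comment such as `/* cap is copied to user space: clear padding and unset fields first */` would stop it being swapped later for an initializer, which need not clear padding. `cap` is declared outside the hunk, and other `device_ioctl()` cases that copy a stack struct out are not visible here; they would presumably need the same check.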
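Review bot: The two `strcpy()` calls that follow the new `memset()` in the `IOCTL_GET_VERSION` case are still unbounded, so a `QUADD_MODULE_BRANCH` or `QUADD_MODULE_VERSION` string longer than its destination field would overrun `versions` on the kernel stack. Both sources are compile-time constants, so this is a robustness gap rather than something a caller controls. Assuming the fields are fixed-size arrays, which the `(char *)` cast suggests, a bounded copy makes a mismatch truncate instead of corrupt: `strlcpy((char *)versions.branch, QUADD_MODULE_BRANCH, sizeof(versions.branch));`, and likewise for `versions.version`. The `copy_to_user()` for `versions` lies below the end of the hunk, so the length it exports cannot be checked from here.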