USB: usbfs: don't leak kernel data in siginfo

commit f0c2b68198589249afd2b1f2c4e8de8c03e19c16 upstream. When a signal is delivered, the information in the siginfo structure is copied to userspace. Good security practice dicatates that the unused fields in this structure should be initialized to 0 so that random kernel stack data isn't exposed to the user. This patch adds such an initialization to the two places where usbfs raises signals. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: Dave Mielke <dave@mielke.cc> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Alan Stern <stern@rowland.harvard.edu> 2015-02-13 10:54:53 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2015-03-18 13:22:30 +0100
commit: 92677959bdadb8f7dd2809c5eedc4cd8ca8aeee2 (patch)
tree: e8a288a730e8ed7d9f43e67ae5ba79220052b207
parent: e256bf1483582a189a5bd58437b704f15fb9b06c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index ce773cca2bf5..78ddfb43750a 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -501,6 +501,7 @@ static void async_completed(struct urb *urb)
 	as->status = urb->status;
 	signr = as->signr;
 	if (signr) {
+		memset(&sinfo, 0, sizeof(sinfo));
 		sinfo.si_signo = as->signr;
 		sinfo.si_errno = as->status;
 		sinfo.si_code = SI_ASYNCIO;
@@ -2228,6 +2229,7 @@ static void usbdev_remove(struct usb_device *udev)
 		wake_up_all(&ps->wait);
 		list_del_init(&ps->list);
 		if (ps->discsignr) {
+			memset(&sinfo, 0, sizeof(sinfo));
 			sinfo.si_signo = ps->discsignr;
 			sinfo.si_errno = EPIPE;
 			sinfo.si_code = SI_ASYNCIO;
author	Alan Stern <stern@rowland.harvard.edu>	2015-02-13 10:54:53 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2015-03-18 13:22:30 +0100
commit	92677959bdadb8f7dd2809c5eedc4cd8ca8aeee2 (patch)
tree	e8a288a730e8ed7d9f43e67ae5ba79220052b207
parent	e256bf1483582a189a5bd58437b704f15fb9b06c (diff)