[media] bt8xx: info leak in ca_get_slot_info()

Message ID 20130725164621.GA6945@elgon.mountain (mailing list archive)
State New, archived

Commit Message

Dan Carpenter July 25, 2013, 4:46 p.m. UTC
p_ca_slot_info was allocated with kmalloc() so we need to clear it
before passing it to the user.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Walter Harms July 25, 2013, 5:29 p.m. UTC | #1
On 25.07.2013 18:46, Dan Carpenter wrote:
> p_ca_slot_info was allocated with kmalloc() so we need to clear it
> before passing it to the user.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/media/pci/bt8xx/dst_ca.c b/drivers/media/pci/bt8xx/dst_ca.c
> index 0e788fc..6b9dc3f 100644
> --- a/drivers/media/pci/bt8xx/dst_ca.c
> +++ b/drivers/media/pci/bt8xx/dst_ca.c
> @@ -302,8 +302,11 @@ static int ca_get_slot_info(struct dst_state *state, struct ca_slot_info *p_ca_s
>  		p_ca_slot_info->flags = CA_CI_MODULE_READY;
>  		p_ca_slot_info->num = 1;
>  		p_ca_slot_info->type = CA_CI;
> -	} else
> +	} else {
>  		p_ca_slot_info->flags = 0;
> +		p_ca_slot_info->num = 0;
> +		p_ca_slot_info->type = 0;
> +	}
>  
>  	if (copy_to_user(arg, p_ca_slot_info, sizeof (struct ca_slot_info)))
>  		return -EFAULT;

note: I have no clue what p_ca_slot_info looks like,
but to avoid information leaks via compiler padding etc. it could be more wise
to do a  memset(p_ca_slot_info,0,sizeof (struct ca_slot_info))
and then set the
	p_ca_slot_info->flags = CA_CI_MODULE_READY;
	p_ca_slot_info->num = 1;
	p_ca_slot_info->type = CA_CI;

just my 2 cents,
re,
 wh
Dan Carpenter July 25, 2013, 5:38 p.m. UTC | #2
On Thu, Jul 25, 2013 at 07:29:09PM +0200, walter harms wrote:
> 
> 
> On 25.07.2013 18:46, Dan Carpenter wrote:
> > p_ca_slot_info was allocated with kmalloc() so we need to clear it
> > before passing it to the user.
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > 
> > diff --git a/drivers/media/pci/bt8xx/dst_ca.c b/drivers/media/pci/bt8xx/dst_ca.c
> > index 0e788fc..6b9dc3f 100644
> > --- a/drivers/media/pci/bt8xx/dst_ca.c
> > +++ b/drivers/media/pci/bt8xx/dst_ca.c
> > @@ -302,8 +302,11 @@ static int ca_get_slot_info(struct dst_state *state, struct ca_slot_info *p_ca_s
> >  		p_ca_slot_info->flags = CA_CI_MODULE_READY;
> >  		p_ca_slot_info->num = 1;
> >  		p_ca_slot_info->type = CA_CI;
> > -	} else
> > +	} else {
> >  		p_ca_slot_info->flags = 0;
> > +		p_ca_slot_info->num = 0;
> > +		p_ca_slot_info->type = 0;
> > +	}
> >  
> >  	if (copy_to_user(arg, p_ca_slot_info, sizeof (struct ca_slot_info)))
> >  		return -EFAULT;
> 
> note: I have no clue what p_ca_slot_info looks like,
> but to avoid information leaks via compiler padding etc. it could be more wise
> to do a  memset(p_ca_slot_info,0,sizeof (struct ca_slot_info))
> and then set the

There is no compiler padding.  My static checker looks for that.

regards,
dan carpenter
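
The two approaches discussed in this thread (assigning every member versus memset() first), as an added user-space example that is not code from the thread or from the kernel: it fills a heap buffer with a poison byte, initialises it each way, and counts the bytes that would still reach copy_to_user(). The three-member `struct slot_info` layout, `struct padded_info`, `POISON` and all function names are assumptions made for this illustration.

```c
#include <stdlib.h>
#include <string.h>

#define POISON 0xAA	/* stands in for stale heap bytes left by kmalloc() */
/* Assumed layout of struct ca_slot_info; the page does not show it. */
struct slot_info { int num; int type; unsigned int flags; };
/* Hypothetical struct with a padding hole between 'kind' and 'num'. */
struct padded_info { char kind; int num; };

enum init { FLAGS_ONLY, ALL_FIELDS, MEMSET_THEN_FIELDS };

/* Simulated kmalloc(): stale contents unless the caller clears first. */
static void *stale_alloc(size_t len, enum init how)
{
	void *buf = malloc(len);
	if (!buf)
		exit(1);
	return memset(buf, how == MEMSET_THEN_FIELDS ? 0 : POISON, len);
}

/* Bytes copy_to_user() would leak: those still holding POISON. */
static size_t stale_bytes(void *buf, size_t len)
{
	size_t i, n = 0;
	for (i = 0; i < len; i++)
		n += ((unsigned char *)buf)[i] == POISON;
	free(buf);
	return n;
}

/* Else branch of ca_get_slot_info(): FLAGS_ONLY is the pre-patch code. */
size_t slot_info_leak(enum init how)
{
	struct slot_info *s = stale_alloc(sizeof(*s), how);
	s->flags = 0;
	if (how != FLAGS_ONLY)
		s->num = s->type = 0;
	return stale_bytes(s, sizeof(*s));
}

/* Every member assigned, yet the hole is only cleared by memset(). */
size_t padded_info_leak(enum init how)
{
	struct padded_info *p = stale_alloc(sizeof(*p), how);
	p->kind = 1;
	p->num = 1;
	return stale_bytes(p, sizeof(*p));
}
```

Under the assumed layouts, per-field assignment leaves nothing stale in the hole-free struct, while the padded struct leaks its hole unless the buffer is cleared first.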


Patch

diff --git a/drivers/media/pci/bt8xx/dst_ca.c b/drivers/media/pci/bt8xx/dst_ca.c
index 0e788fc..6b9dc3f 100644
--- a/drivers/media/pci/bt8xx/dst_ca.c
+++ b/drivers/media/pci/bt8xx/dst_ca.c
@@ -302,8 +302,11 @@  static int ca_get_slot_info(struct dst_state *state, struct ca_slot_info *p_ca_s
 		p_ca_slot_info->flags = CA_CI_MODULE_READY;
 		p_ca_slot_info->num = 1;
 		p_ca_slot_info->type = CA_CI;
-	} else
+	} else {
 		p_ca_slot_info->flags = 0;
+		p_ca_slot_info->num = 0;
+		p_ca_slot_info->type = 0;
+	}
 
 	if (copy_to_user(arg, p_ca_slot_info, sizeof (struct ca_slot_info)))
 		return -EFAULT;
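
Review bot: the new else branch clears num and type by hand, which keeps the copy_to_user() below it safe only as long as struct ca_slot_info has exactly the members assigned here and no padding, and neither property is visible from this hunk. Since the commit message says the buffer comes from kmalloc(), zeroing the whole struct once before the if/else (or allocating it zeroed at the call site) would cover both branches and any member added to the struct later, and would make the braces change unnecessary. If the per-field form is kept, the commit message should state that the struct was checked for padding, so the reasoning is recorded with the fix.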