From patchwork Tue May 3 20:34:09 2016
X-Patchwork-Submitter: Kangjie Lu
X-Patchwork-Id: 9008171
From: Kangjie Lu
To: jlayton@poochiereds.net
Cc: bfields@fieldses.org, viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, taesoo@gatech.edu, insu@gatech.edu, Kangjie Lu
Subject: [PATCH] fix infoleak in fcntl
Date: Tue, 3 May 2016 16:34:09 -0400
Message-Id: <1462307649-5833-1-git-send-email-kjlu@gatech.edu>
X-Mailer: git-send-email 1.9.1
List-ID: linux-fsdevel@vger.kernel.org

The stack object “si” has a total size of 128 bytes; however, only 16 bytes are initialized. The remaining uninitialized bytes are sent to userland via send_signal.
Signed-off-by: Kangjie Lu Reviewed-by: Christoph Hellwig --- fs/fcntl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/fcntl.c b/fs/fcntl.c index 350a2c8..d06f943 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -468,6 +468,7 @@ static void send_sigio_to_task(struct task_struct *p, delivered even if we can't queue. Failure to queue in this case _should_ be reported; we fall back to SIGIO in that case. --sct */ + memset(&si, 0, sizeof(si)); si.si_signo = signum; si.si_errno = 0; si.si_code = reason;
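Review bot: with memset(&si, 0, sizeof(si)) now at the top of the hunk, the `si.si_errno = 0;` assignment two lines below it is redundant and could be dropped (keeping it is harmless, but the two lines then say the same thing twice). The memset itself is the right shape for the fix: it clears the whole 128-byte object, including the union bytes and any padding that the per-field si_signo/si_errno/si_code assignments never touch and that the commit message says otherwise reach userland; a struct initializer would not guarantee that padding bytes are cleared, so the explicit memset is preferable. One nit on the subject line: kernel convention would be a subsystem prefix naming the function rather than the syscall, e.g. "fs/fcntl: fix infoleak in send_sigio_to_task".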
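The following is an added example and not code from the patch or from the kernel tree. It models, in userspace, the leak class the commit message describes: a 128-byte siginfo-like object on the stack has only a few fields assigned and is then copied out whole, so whatever the stack slot held before travels with it. The struct layout is a simplified stand-in that mirrors the kernel's preamble/pad arithmetic for siginfo_t but is not the kernel's definition; the stale stack contents (a 0xAA fill), the signal/reason/band/fd values, and the memcpy standing in for the copy to userland are all constructed for the demonstration. The second path zeroes the object first, which is what the patch's memset does.

```c
/*
 * Added example (not from the patch or the kernel tree): a userspace model of
 * the infoleak fixed above. fill_siginfo_fieldwise() is the pre-patch
 * behaviour (assign a few fields, leave the rest), fill_siginfo_zeroed() is
 * the post-patch behaviour (memset the whole object first).
 */
#include <stdio.h>
#include <string.h>

#define SI_MAX_SIZE 128   /* siginfo_t is 128 bytes in the kernel ABI */
#define STALE_BYTE  0xAA  /* constructed "previous stack contents" marker */

/* Simplified stand-in for siginfo_t (assumption: only the three-int preamble
 * and the _sigpoll member matter here). The pad arithmetic mirrors the
 * kernel's: a 16-byte preamble on LP64, 12 bytes on ILP32, union padded to
 * SI_MAX_SIZE. */
struct siginfo_model {
    int si_signo;
    int si_errno;
    int si_code;
    union {
        int _pad[(SI_MAX_SIZE - (sizeof(long) == 8 ? 4 : 3) * sizeof(int)) / sizeof(int)];
        struct { long band; int fd; } _sigpoll;
    } _sifields;
};
_Static_assert(sizeof(struct siginfo_model) == SI_MAX_SIZE, "model must be 128 bytes");

/* The stack slot the object lives in, viewable as the struct or as raw bytes. */
union stack_slot {
    unsigned char raw[SI_MAX_SIZE];
    struct siginfo_model si;
};

/* Constructed stand-ins for SIGIO / POLL_IN / band / fd; not taken from headers. */
enum { MODEL_SIGNUM = 29, MODEL_REASON = 1, MODEL_BAND = 1, MODEL_FD = 3 };

/* Leave the slot full of leftovers from earlier calls, as a real stack would be. */
static void dirty_stack(union stack_slot *slot)
{
    memset(slot->raw, STALE_BYTE, sizeof slot->raw);
}

/* Before the fix: only individual fields are assigned. */
static void fill_siginfo_fieldwise(union stack_slot *slot)
{
    slot->si.si_signo = MODEL_SIGNUM;
    slot->si.si_errno = 0;
    slot->si.si_code  = MODEL_REASON;
    slot->si._sifields._sigpoll.band = MODEL_BAND;
    slot->si._sifields._sigpoll.fd   = MODEL_FD;
}

/* After the fix: zero the entire object, then assign the fields. */
static void fill_siginfo_zeroed(union stack_slot *slot)
{
    memset(&slot->si, 0, sizeof slot->si);
    fill_siginfo_fieldwise(slot);
}

/* Stands in for the copy to userland: all 128 bytes go out, not just the fields. */
static void copy_to_userland(unsigned char user[SI_MAX_SIZE], const union stack_slot *slot)
{
    memcpy(user, slot->raw, SI_MAX_SIZE);
}

/* How many bytes of what userland received still carry the old stack contents. */
static int count_stale(const unsigned char user[SI_MAX_SIZE])
{
    int n = 0;
    for (int i = 0; i < SI_MAX_SIZE; i++)
        if (user[i] == STALE_BYTE)
            n++;
    return n;
}

/* Bytes the field-wise path writes (3 ints, one long, one int); the rest leak. */
int bytes_written_fieldwise(void)
{
    return 3 * (int)sizeof(int) + (int)sizeof(long) + (int)sizeof(int);
}

int leaked_bytes_fieldwise(void)
{
    union stack_slot slot;
    unsigned char user[SI_MAX_SIZE];
    dirty_stack(&slot);
    fill_siginfo_fieldwise(&slot);
    copy_to_userland(user, &slot);
    return count_stale(user);
}

int leaked_bytes_zeroed(void)
{
    union stack_slot slot;
    unsigned char user[SI_MAX_SIZE];
    dirty_stack(&slot);
    fill_siginfo_zeroed(&slot);
    copy_to_userland(user, &slot);
    return count_stale(user);
}

int main(void)
{
    printf("field-wise init leaks %d of %d bytes\n", leaked_bytes_fieldwise(), SI_MAX_SIZE);
    printf("memset first leaks    %d of %d bytes\n", leaked_bytes_zeroed(), SI_MAX_SIZE);
    return 0;
}
```

On an LP64 build the field-wise path writes 24 bytes and the other 104 (the padding after si_code and the unused tail of the union) come back carrying the 0xAA marker; after the memset nothing stale survives. The per-field count is what a struct initializer would also cover, but only memset guarantees the padding bytes are cleared too.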