| Message ID | 1464172291-2856-3-git-send-email-ppandit@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 05/25/2016 12:31 PM, P J P wrote: > From: Prasad J Pandit <pjp@fedoraproject.org> > > When reading MegaRAID SAS controller configuration via MegaRAID > Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read > uses an uninitialised local data buffer. Initialise this buffer > to avoid stack information leakage. > > Reported-by: Li Qiang <liqiang6-s@360.cn> > Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> > --- > hw/scsi/megasas.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c > index dcbd3e1..7c08932 100644 > --- a/hw/scsi/megasas.c > +++ b/hw/scsi/megasas.c > @@ -1305,6 +1305,7 @@ static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd) > QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) { > num_pd_disks++; > } > + memset(data, 0, sizeof(data)); Just replace the variable declaration with uint8_t data[4096] = ""; or uint8_t data[4096] = { 0 }; That should automatically get you a fully zeroed frame on the stack. Alex > info = (struct mfi_config_data *)&data; > /* > * Array mapping:
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index dcbd3e1..7c08932 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -1305,6 +1305,7 @@ static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd) QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) { num_pd_disks++; } + memset(data, 0, sizeof(data)); info = (struct mfi_config_data *)&data; /* * Array mapping: