From fa7df37b588f48a1ff6ef005187f3c5c2281df95 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 5 Sep 2013 06:36:33 -0500 Subject: ipmi: info leak in compat_ipmi_ioctl() On x86_64 there is a 4 byte hole between ->recv_type and ->addr. Signed-off-by: Dan Carpenter Signed-off-by: Corey Minyard Signed-off-by: Linus Torvalds --- drivers/char/ipmi/ipmi_devintf.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/char/ipmi') diff --git a/drivers/char/ipmi/ipmi_devintf.c b/drivers/char/ipmi/ipmi_devintf.c index d5a5f020810a..ec318bf434a6 100644 --- a/drivers/char/ipmi/ipmi_devintf.c +++ b/drivers/char/ipmi/ipmi_devintf.c @@ -810,6 +810,7 @@ static long compat_ipmi_ioctl(struct file *filep, unsigned int cmd, struct ipmi_recv __user *precv64; struct ipmi_recv recv64; + memset(&recv64, 0, sizeof(recv64)); if (get_compat_ipmi_recv(&recv64, compat_ptr(arg))) return -EFAULT; -- cgit v1.2.3