USB: usbfs: don't leak kernel data in siginfo When a signal is delivered, the information in the siginfo structure is copied to userspace. Good security practice dicatates that the unused fields in this structure should be initialized to 0 so that random kernel stack data isn't exposed to the user. This patch adds such an initialization to the two places where usbfs raises signals. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: Dave Mielke <dave@mielke.cc> CC: <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: f0c2b68198589249afd2b1f2c4e8de8c03e19c16 [log] [tgz]
author: Alan Stern <stern@rowland.harvard.edu> Fri Feb 13 10:54:53 2015 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Tue Feb 24 08:38:46 2015 -0800
tree: 719882a5c2ab4ada82240fff4ffe0df6debe98eb
parent: 27082e2654dc148078b0abdfc3c8e5ccbde0ebfa [diff] [blame]
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 66abdbc..1163553 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c

@@ -501,6 +501,7 @@
 	as->status = urb->status;
 	signr = as->signr;
 	if (signr) {
+		memset(&sinfo, 0, sizeof(sinfo));
 		sinfo.si_signo = as->signr;
 		sinfo.si_errno = as->status;
 		sinfo.si_code = SI_ASYNCIO;
@@ -2382,6 +2383,7 @@
 		wake_up_all(&ps->wait);
 		list_del_init(&ps->list);
 		if (ps->discsignr) {
+			memset(&sinfo, 0, sizeof(sinfo));
 			sinfo.si_signo = ps->discsignr;
 			sinfo.si_errno = EPIPE;
 			sinfo.si_code = SI_ASYNCIO;
commit	f0c2b68198589249afd2b1f2c4e8de8c03e19c16	[log] [tgz]
author	Alan Stern <stern@rowland.harvard.edu>	Fri Feb 13 10:54:53 2015 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Tue Feb 24 08:38:46 2015 -0800
tree	719882a5c2ab4ada82240fff4ffe0df6debe98eb
parent	27082e2654dc148078b0abdfc3c8e5ccbde0ebfa [diff] [blame]