xfs: prevent reading uninitialized stack memory The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12 bytes of uninitialized stack memory, because the fsxattr struct declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero) the 12-byte fsx_pad member before copying it back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Alex Elder <aelder@sgi.com>

commit: a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 [log] [tgz]
author: Dan Rosenberg <dan.j.rosenberg@gmail.com> Mon Sep 06 18:24:57 2010 -0400
committer: Alex Elder <aelder@sgi.com> Fri Sep 10 07:39:28 2010 -0500
tree: 754cbb6319fd3114c6aeb1bf456bf37cff699c69
parent: cc491e27d31f1bb3dacb309407b47d65669ceb9d [diff] [blame]
diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c
index 4fec427..3b9e626 100644
--- a/fs/xfs/linux-2.6/xfs_ioctl.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl.c

@@ -785,6 +785,8 @@
 {
 	struct fsxattr		fa;
 
+	memset(&fa, 0, sizeof(struct fsxattr));
+
 	xfs_ilock(ip, XFS_ILOCK_SHARED);
 	fa.fsx_xflags = xfs_ip2xflags(ip);
 	fa.fsx_extsize = ip->i_d.di_extsize << ip->i_mount->m_sb.sb_blocklog;
commit	a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9	[log] [tgz]
author	Dan Rosenberg <dan.j.rosenberg@gmail.com>	Mon Sep 06 18:24:57 2010 -0400
committer	Alex Elder <aelder@sgi.com>	Fri Sep 10 07:39:28 2010 -0500
tree	754cbb6319fd3114c6aeb1bf456bf37cff699c69
parent	cc491e27d31f1bb3dacb309407b47d65669ceb9d [diff] [blame]