Home Verkennen Help
Registreren Inloggen
phyus
/
linux-vybrid_public
8
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

TPM: Zero buffer after copying to userspace

Since the buffer might contain security related data it might be a good idea to
zero the buffer after we have copied it to userspace.

This got assigned CVE-2011-1162.

Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Stable Kernel <stable@kernel.org>
Signed-off-by: James Morris <jmorris@namei.org>
Peter Huewe 13 jaren geleden
bovenliggende
6b07d30aca
commit
3321c07ae5
1 gewijzigde bestanden met toevoegingen van 5 en 1 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 5 1
      drivers/char/tpm/tpm.c

+ 5 - 1
drivers/char/tpm/tpm.c
Bestand weergeven 

@@ -1105,6 +1105,7 @@ ssize_t tpm_read(struct file *file, char __user *buf,
 
 {
 
 	struct tpm_chip *chip = file->private_data;
 
 	ssize_t ret_size;
 
+	int rc;
 
 
 	del_singleshot_timer_sync(&chip->user_read_timer);
 
 	flush_work_sync(&chip->work);
 
@@ -1115,8 +1116,11 @@ ssize_t tpm_read(struct file *file, char __user *buf,
 
 			ret_size = size;
 
 
 		mutex_lock(&chip->buffer_mutex);
 
-		if (copy_to_user(buf, chip->data_buffer, ret_size))
 
+		rc = copy_to_user(buf, chip->data_buffer, ret_size);
 
+		memset(chip->data_buffer, 0, ret_size);
 
+		if (rc)
 
 			ret_size = -EFAULT;
 
+
 
 		mutex_unlock(&chip->buffer_mutex);
 
 	}