Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

fanotify: info leak in copy_event_to_user()

The ->reserved field isn't cleared so we leak one byte of stack
information to userspace.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Eric Paris <eparis@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dan Carpenter 12 years ago
parent
b9ce54c9f5
commit
de1e0c40ac
1 changed files with 1 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      fs/notify/fanotify/fanotify_user.c

+ 1 - 0
fs/notify/fanotify/fanotify_user.c
View File 

@@ -122,6 +122,7 @@ static int fill_event_metadata(struct fsnotify_group *group,
 
 	metadata->event_len = FAN_EVENT_METADATA_LEN;
 
 	metadata->metadata_len = FAN_EVENT_METADATA_LEN;
 
 	metadata->vers = FANOTIFY_METADATA_VERSION;
 
+	metadata->reserved = 0;
 
 	metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS;
 
 	metadata->pid = pid_vnr(event->tgid);
 
 	if (unlikely(event->mask & FAN_Q_OVERFLOW))