[Linux-kernel-mentees] [PATCH v3] media/v4l2-core: Fix kernel-infoleak in video_put_user()

Peilin Ye yepeilin.cs at gmail.com
Mon Jul 27 15:30:32 UTC 2020


On Mon, Jul 27, 2020 at 05:46:09PM +0300, Dan Carpenter wrote:
> On Mon, Jul 27, 2020 at 10:14:16AM -0400, Peilin Ye wrote:
> > Yes, I would like to! I will start from:
> > 
> > 	drivers/firewire/core-cdev.c:463
> 
> My prefered fix for this would be to add a memset at the start of
> fill_bus_reset_event().
> 
> 	memset(event, 0, sizeof(*event));
> 
> 	spin_lock_irq(&card->lock);
> 
> 	event->closure       = client->bus_reset_closure;
> 
> 
> > 	drivers/input/misc/uinput.c:743

I just sent a patch to fix this as you suggested.

> I don't think this is a bug.

I see. I am now fixing:

	block/scsi_ioctl.c:707 scsi_put_cdrom_generic_arg() warn: check that 'cgc32' doesn't leak information (struct has a hole after 'data_direction')


More information about the Linux-kernel-mentees mailing list