HID: uhid: fix leak for 64/32 UHID_CREATE UHID allows short writes so user-space can omit unused fields. We automatically set them to 0 in the kernel. However, the 64/32 bit compat-handler didn't do that in the UHID_CREATE fallback. This will reveal random kernel heap data (of random size, even) to user-space. Fixes: befde0226a59 ('HID: uhid: make creating devices work on 64/32 systems') Reported-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Jiri Kosina <jkosina@suse.cz>

commit: 80897aa787ecd58eabb29deab7cbec9249c9b7e6 [log] [tgz]
author: David Herrmann <dh.herrmann@gmail.com> Tue Nov 26 13:58:18 2013 +0100
committer: Jiri Kosina <jkosina@suse.cz> Wed Nov 27 10:53:49 2013 +0100
tree: aaed88615f8a55457a850e5a3aff5b6e0a8175cc
parent: 8a396321e2102d98a0d387c773be13b55d88ae6f [diff] [blame]
diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c
index 93b00d7..cedc6da 100644
--- a/drivers/hid/uhid.c
+++ b/drivers/hid/uhid.c

@@ -287,7 +287,7 @@
 			 */
 			struct uhid_create_req_compat *compat;
 
-			compat = kmalloc(sizeof(*compat), GFP_KERNEL);
+			compat = kzalloc(sizeof(*compat), GFP_KERNEL);
 			if (!compat)
 				return -ENOMEM;
commit	80897aa787ecd58eabb29deab7cbec9249c9b7e6	[log] [tgz]
author	David Herrmann <dh.herrmann@gmail.com>	Tue Nov 26 13:58:18 2013 +0100
committer	Jiri Kosina <jkosina@suse.cz>	Wed Nov 27 10:53:49 2013 +0100
tree	aaed88615f8a55457a850e5a3aff5b6e0a8175cc
parent	8a396321e2102d98a0d387c773be13b55d88ae6f [diff] [blame]