Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / 91a4d157d0c18bd18fd95f90b67cb10d11701cca
commit91a4d157d0c18bd18fd95f90b67cb10d11701cca[log] [tgz]
authorVasiliy Kulikov <segoon@openwall.com>Sun Nov 14 09:22:52 2010 +0000
committerRoland Dreier <rolandd@cisco.com>Wed Dec 01 16:33:18 2010 -0800
tree3e5f469737873ae4bfc13f6f9f21dfcc112d191e
parentf55864a4f435e47ad413be7016f38877b096bb5b [diff]
IB: Fix information leak in marshalling code

ib_ucm_init_qp_attr() and ucma_init_qp_attr() pass struct ib_uverbs_qp_attr
with reserved, qp_state, {ah_attr,alt_ah_attr}{reserved,->grh.reserved}
fields uninitialized to copy_to_user().  This leads to leaking of
contents of kernel stack memory to userspace.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
1 file changed
tree: 3e5f469737873ae4bfc13f6f9f21dfcc112d191e
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS