projects / wrapfs-5.3.y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 69eeaa6) | patch
scsi: sr: Do not leak information in ioctl
authorTom Rix <trix@redhat.com>
Mon, 11 Apr 2022 17:47:56 +0000 (13:47 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 27 Apr 2022 12:41:12 +0000 (14:41 +0200)
commitd4f8bb41a4f5ee1e7b5787a70a466d915246afe0
treeb8dbba7d1fd6875d10fc02df49bddd4f555a931btree | snapshot
parent69eeaa611cbdda1bc9ba6254b2046024fd83eb9dcommit | diff
scsi: sr: Do not leak information in ioctl

[ Upstream commit faad6cebded8e0fd902b672f220449b93db479eb ]

sr_ioctl.c uses this pattern:

  result = sr_do_ioctl(cd, &cgc);
  to-user = buffer[];
  kfree(buffer);
  return result;

Use of a buffer without checking leaks information. Check result and jump
over the use of buffer if there is an error.

  result = sr_do_ioctl(cd, &cgc);
  if (result)
    goto err;
  to-user = buffer[];
err:
  kfree(buffer);
  return result;

Additionally, initialize the buffer to zero.

This problem can be seen in the 2.4.0 kernel.

Link: https://lore.kernel.org/r/20220411174756.2418435-1-trix@redhat.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/scsi/sr_ioctl.c diff | blob | history
wrapfs-5.3.y