xfs: prevent reading uninitialized stack memory

commit a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 upstream. The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12 bytes of uninitialized stack memory, because the fsxattr struct declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero) the 12-byte fsx_pad member before copying it back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Alex Elder <aelder@sgi.com> Cc: dann frazier <dannf@debian.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Dan Rosenberg <dan.j.rosenberg@gmail.com> 2010-09-06 18:24:57 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2011-03-21 12:45:47 -0700
commit: 23dd4f104b2630a225b41416d5237aca72ebc195 (patch)
tree: 925bc0512aa1623f6e2ba814dd089122a9e33539
parent: 24ae805d43b392998be1097ae0b43fdce2b0c493 (diff)
download: linux-stable-23dd4f104b2630a225b41416d5237aca72ebc195.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c
index a034cf624437..810ff2716416 100644
--- a/fs/xfs/linux-2.6/xfs_ioctl.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl.c
@@ -790,6 +790,8 @@ xfs_ioc_fsgetxattr(
 {
 	struct fsxattr		fa;
 
+	memset(&fa, 0, sizeof(struct fsxattr));
+
 	xfs_ilock(ip, XFS_ILOCK_SHARED);
 	fa.fsx_xflags = xfs_ip2xflags(ip);
 	fa.fsx_extsize = ip->i_d.di_extsize << ip->i_mount->m_sb.sb_blocklog;
author	Dan Rosenberg <dan.j.rosenberg@gmail.com>	2010-09-06 18:24:57 -0400
committer	Greg Kroah-Hartman <gregkh@suse.de>	2011-03-21 12:45:47 -0700
commit	23dd4f104b2630a225b41416d5237aca72ebc195 (patch)
tree	925bc0512aa1623f6e2ba814dd089122a9e33539
parent	24ae805d43b392998be1097ae0b43fdce2b0c493 (diff)
download	linux-stable-23dd4f104b2630a225b41416d5237aca72ebc195.tar.gz