From: Kangjie Lu
Date: Sun, 8 May 2016 12:10:14 -0400
> Stack object "dte_facilities" is allocated in x25_rx_call_request(),
> which is supposed to be initialized in x25_negotiate_facilities.
> However, 5 fields (8 bytes in total) are not initialized. This
> object is then
From: Kangjie Lu
Date: Sun, 8 May 2016 12:10:14 -0400
> Stack object "dte_facilities" is allocated in x25_rx_call_request(),
> which is supposed to be initialized in x25_negotiate_facilities.
> However, 5 fields (8 bytes in total) are not initialized. This
> object is then copied to userland
Stack object "dte_facilities" is allocated in x25_rx_call_request(),
which is supposed to be initialized in x25_negotiate_facilities.
However, 5 fields (8 bytes in total) are not initialized. This
object is then copied to userland via copy_to_user, thus infoleak
occurs.
Signed-off-by: Kangjie Lu
Stack object "dte_facilities" is allocated in x25_rx_call_request(),
which is supposed to be initialized in x25_negotiate_facilities.
However, 5 fields (8 bytes in total) are not initialized. This
object is then copied to userland via copy_to_user, thus infoleak
occurs.
Signed-off-by: Kangjie Lu
4 matches
Mail list logo