This is a note to let you know that I've just added the patch titled
V4L/DVB: ivtvfb: prevent reading uninitialized stack memory
to the 2.6.32-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
v4l-dvb-ivtvfb-prevent-reading-uninitialized-stack-memory.patch
and it can be found in the queue-2.6.32 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 405707985594169cfd0b1d97d29fcb4b4c6f2ac9 Mon Sep 17 00:00:00 2001
From: Dan Rosenberg <[email protected]>
Date: Wed, 15 Sep 2010 18:44:22 -0300
Subject: V4L/DVB: ivtvfb: prevent reading uninitialized stack memory
From: Dan Rosenberg <[email protected]>
commit 405707985594169cfd0b1d97d29fcb4b4c6f2ac9 upstream.
The FBIOGET_VBLANK device ioctl allows unprivileged users to read 16
bytes of uninitialized stack memory, because the "reserved" member of
the fb_vblank struct declared on the stack is not altered or zeroed
before being copied back to the user. This patch takes care of it.
Signed-off-by: Dan Rosenberg <[email protected]>
Signed-off-by: Andy Walls <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/media/video/ivtv/ivtvfb.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/media/video/ivtv/ivtvfb.c
+++ b/drivers/media/video/ivtv/ivtvfb.c
@@ -457,6 +457,8 @@ static int ivtvfb_ioctl(struct fb_info *
struct fb_vblank vblank;
u32 trace;
+ memset(&vblank, 0, sizeof(struct fb_vblank));
+
vblank.flags = FB_VBLANK_HAVE_COUNT
|FB_VBLANK_HAVE_VCOUNT |
FB_VBLANK_HAVE_VSYNC;
trace = read_reg(0x028c0) >> 16;
Patches currently in stable-queue which might be from [email protected]
are
queue-2.6.32/can-bcm-fix-minor-heap-overflow.patch
queue-2.6.32/x25-prevent-crashing-when-parsing-bad-x.25-facilities.patch
queue-2.6.32/block-limit-vec-count-in-bio_kmalloc-and-bio_alloc_map_data.patch
queue-2.6.32/bio-take-care-not-overflow-page-count-when-mapping-copying-user-data.patch
queue-2.6.32/sys_semctl-fix-kernel-stack-leakage.patch
queue-2.6.32/block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov.patch
queue-2.6.32/v4l-dvb-ivtvfb-prevent-reading-uninitialized-stack-memory.patch
queue-2.6.32/ipc-initialize-structure-memory-to-zero-for-compat-functions.patch
queue-2.6.32/decnet-don-t-leak-uninitialized-stack-byte.patch
queue-2.6.32/block-take-care-not-to-overflow-when-calculating-total-iov-length.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
