2.6.32-stable review patch. If anyone has any objections, please let us know.
------------------ From: Vasiliy Kulikov <[email protected]> commit 3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 upstream. The shmid_ds structure is copied to userland with shm_unused{,2,3} fields unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <[email protected]> Acked-by: Al Viro <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- ipc/shm.c | 1 + 1 file changed, 1 insertion(+) --- a/ipc/shm.c +++ b/ipc/shm.c @@ -474,6 +474,7 @@ static inline unsigned long copy_shmid_t { struct shmid_ds out; + memset(&out, 0, sizeof(out)); ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm); out.shm_segsz = in->shm_segsz; out.shm_atime = in->shm_atime; _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
