git.maquefel.me Git - linux.git/commit

author	Tom Rix <trix@redhat.com>
	Mon, 11 Apr 2022 17:47:56 +0000 (13:47 -0400)
committer	Martin K. Petersen <martin.petersen@oracle.com>
	Tue, 19 Apr 2022 02:48:31 +0000 (22:48 -0400)
commit	faad6cebded8e0fd902b672f220449b93db479eb
tree	a855e9f107491ca67eac889dab5b70b012910174	tree \| snapshot
parent	70a3baeec4e89736be932a60d682d7ae27556f5c	commit \| diff

scsi: sr: Do not leak information in ioctl

sr_ioctl.c uses this pattern:

  result = sr_do_ioctl(cd, &cgc);
  to-user = buffer[];
  kfree(buffer);
  return result;

Use of a buffer without checking leaks information. Check result and jump
over the use of buffer if there is an error.

  result = sr_do_ioctl(cd, &cgc);
  if (result)
    goto err;
  to-user = buffer[];
err:
  kfree(buffer);
  return result;

Additionally, initialize the buffer to zero.

This problem can be seen in the 2.4.0 kernel.

Link: https://lore.kernel.org/r/20220411174756.2418435-1-trix@redhat.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>