ALSA: sb16 - info leak in snd_sb_csp_ioctl()
authorDan Carpenter <dan.carpenter@oracle.com>
Thu, 7 Nov 2013 08:09:54 +0000 (11:09 +0300)
committerTakashi Iwai <tiwai@suse.de>
Thu, 7 Nov 2013 09:17:18 +0000 (10:17 +0100)
There is a 2 byte hole after "info.func_nr" so we could leak unitialized
stack information to userspace.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound/isa/sb/sb16_csp.c

index c1aa21edcb653b78dc664e97e75db7bd68bbe834..48da2276683d275ece81027f44d3906b347546b5 100644 (file)
@@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i
        switch (cmd) {
                /* get information */
        case SNDRV_SB_CSP_IOCTL_INFO:
+               memset(&info, 0, sizeof(info));
                *info.codec_name = *p->codec_name;
                info.func_nr = p->func_nr;
                info.acc_format = p->acc_format;