From: Dan Carpenter Date: Sun, 21 Apr 2013 11:07:29 +0000 (+0300) Subject: ALSA: compress: info leak in snd_compr_get_caps() X-Git-Tag: firefly_0821_release~3680^2~496^2~32 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=1c62e9f2b5a97c53aaae490f844949d32cca6dc6;p=firefly-linux-kernel-4.4.55.git ALSA: compress: info leak in snd_compr_get_caps() If the ->get_caps() function doesn't clear the buffer then there would stack information leaked to userspace. For example, soc_compr_get_caps() can return success without clearing the buffer. Signed-off-by: Dan Carpenter Signed-off-by: Takashi Iwai --- diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index 7941ace78283..664c69398b41 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -409,6 +409,7 @@ snd_compr_get_caps(struct snd_compr_stream *stream, unsigned long arg) if (!stream->ops->get_caps) return -ENXIO; + memset(&caps, 0, sizeof(caps)); retval = stream->ops->get_caps(stream, &caps); if (retval) goto out;