[dm-devel] [PATCH] dm ioctl: prevent stack leak in dm ioctl call

Adrian Salido salidoa at google.com
Wed Apr 26 00:33:19 UTC 2017


> On Tue, Apr 25, 2017 at 04:31:29PM -0700, Adrian Salido wrote:
>> Struct dm_ioctl has some padding/data that is not explicitly cleared
>> before copying to user. This can cause kernel stack contents to be
>> leaked to user space.
>
> Please be more precise here, explaining which part of the buffer
> and under exactly what circumstances you have found that uninitialised
> content gets returned to userspace.

It's actually the data portion of the struct under a custom user ioctl
where (param_kernel->data_size - minimum_data_size) <
sizeof(param_kernel->data).

Will update the patch to be clear.
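
The condition described in the reply above, modelled in user space as an added example (not code from this thread or from the kernel): a handler copies in the header plus a payload shorter than the inline data area, then returns the whole struct. `struct params`, `handle`, `stale_bytes_returned` and the `0xAA` marker are hypothetical names and constructed values, and `memcpy` stands in for `copy_from_user`/`copy_to_user`.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical parameter block: fixed header followed by a small inline data area. */
struct params {
    unsigned int data_size;  /* total bytes the caller says it supplied */
    char name[8];
    char data[7];            /* inline payload, followed by compiler padding */
};
#define MIN_SIZE offsetof(struct params, data)
#define STALE 0xAA           /* constructed marker standing in for old stack contents */

/* Model of an ioctl handler; memcpy stands in for copy_from_user/copy_to_user. */
static int handle(const void *user_in, void *user_out, int hardened)
{
    struct params k;
    size_t payload;

    memset(&k, STALE, sizeof k);            /* simulate an uninitialised stack slot */
    memcpy(&k, user_in, MIN_SIZE);          /* header only */
    if (k.data_size < MIN_SIZE)
        return -1;
    payload = k.data_size - MIN_SIZE;
    if (payload > sizeof k.data)
        payload = sizeof k.data;
    if (hardened)                           /* clear data and trailing padding first */
        memset((char *)&k + MIN_SIZE, 0, sizeof k - MIN_SIZE);
    memcpy(k.data, (const char *)user_in + MIN_SIZE, payload);
    memcpy(user_out, &k, sizeof k);         /* whole struct goes back to the caller */
    return 0;
}

/* Count marker bytes the caller receives beyond the header. */
size_t stale_bytes_returned(size_t payload_len, int hardened)
{
    struct params in;
    unsigned char out[sizeof(struct params)];
    size_t i, n = 0;

    memset(&in, 0, sizeof in);
    if (payload_len > sizeof in.data)
        payload_len = sizeof in.data;
    in.data_size = (unsigned int)(MIN_SIZE + payload_len);
    memset(in.data, 'A', payload_len);
    if (handle(&in, out, hardened) != 0)
        return (size_t)-1;
    for (i = MIN_SIZE; i < sizeof out; i++)
        n += (out[i] == STALE);
    return n;
}
```

With a 2-byte payload the unhardened path hands back every remaining byte of the data area and the trailing padding as stale content; clearing the tail before the partial copy brings that to zero.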



