27 lines
1.0 KiB
Diff
27 lines
1.0 KiB
Diff
From: Dan Carpenter <dan.carpenter@oracle.com>
|
|
Date: Wed, 19 Jun 2013 10:05:29 +1000
|
|
Subject: fanotify: info leak in copy_event_to_user()
|
|
Origin: http://www.ozlabs.org/~akpm/mmotm/broken-out/fanotify-info-leak-in-copy_event_to_user.patch
|
|
|
|
The ->reserverd field isn't cleared so we leak one byte of stack
|
|
information to userspace.
|
|
|
|
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
|
|
Cc: Eric Paris <eparis@redhat.com>
|
|
Cc: Al Viro <viro@zeniv.linux.org.uk>
|
|
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
|
---
|
|
fs/notify/fanotify/fanotify_user.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
--- a/fs/notify/fanotify/fanotify_user.c
|
|
+++ b/fs/notify/fanotify/fanotify_user.c
|
|
@@ -121,6 +121,7 @@ static int fill_event_metadata(struct fs
|
|
metadata->event_len = FAN_EVENT_METADATA_LEN;
|
|
metadata->metadata_len = FAN_EVENT_METADATA_LEN;
|
|
metadata->vers = FANOTIFY_METADATA_VERSION;
|
|
+ metadata->reserved = 0;
|
|
metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS;
|
|
metadata->pid = pid_vnr(event->tgid);
|
|
if (unlikely(event->mask & FAN_Q_OVERFLOW))
|