Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394

Pull firewire fix from Stefan Richter: "IEEE 1394 (FireWire) subsystem fix: The character device file interface for raw 1394 I/O took uninitialized kernel stack as substitute for missing ioctl() argument data. This could partially show up in subsequent read() output" * tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: cdev: prevent kernel stack leaking into ioctl arguments
2026-03-27 09:34:30 -04:00 · 2014-11-14 12:44:48 -08:00
parent 3865efcb14 eaca2d8e75
commit f720d7df99
1 changed files with 1 additions and 2 deletions
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -1637,8 +1637,7 @@ static int dispatch_ioctl(struct client *client,
 	    _IOC_SIZE(cmd) > sizeof(buffer))
 		return -ENOTTY;

-	if (_IOC_DIR(cmd) == _IOC_READ)
-		memset(&buffer, 0, _IOC_SIZE(cmd));
+	memset(&buffer, 0, sizeof(buffer));

 	if (_IOC_DIR(cmd) & _IOC_WRITE)
 		if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd)))