drm: stop information leak of old kernel stack.
non-critical issue, CVE-2010-2803

Userspace controls the amount of memory to be allocated, so it can
get the ioctl to allocate more memory than the kernel uses, and get
access to kernel stack. This can only be done for processes authenticated
to the X server for DRI access, and if the user has DRI access.

Fix is to just memset the data to 0 if the user doesn't copy into
it in the first place.

Reported-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
airlied committed Aug 17, 2010
1 parent 31ce4bf commit b9f0aee
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion drivers/gpu/drm/drm_drv.c
Expand Up @@ -477,7 +477,9 @@ long drm_ioctl(struct file *filp,
retcode = -EFAULT;
goto err_i1;
}
}
} else
memset(kdata, 0, _IOC_SIZE(cmd));

if (ioctl->flags & DRM_UNLOCKED)
retcode = func(dev, kdata, file_priv);
else {
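Review bot: the new `} else` arm is an unbraced single statement hanging off a braced `if`, and it carries no comment explaining why the zeroing matters. Kernel style wants braces on both arms when either has them, and a one-line comment above `memset(kdata, 0, _IOC_SIZE(cmd));` saying it keeps uninitialised data out of `func(dev, kdata, file_priv)` would stop a later cleanup from dropping it as redundant. Separately, the memset length comes from `_IOC_SIZE(cmd)`, which is derived from the caller-supplied `cmd`; please confirm it matches the size `kdata` was set up with earlier in `drm_ioctl` (outside this hunk). If the two can differ, zeroing once at the point where `kdata` is set up would cover both arms rather than only the no-copy-in path.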