ALSA: compress: info leak in snd_compr_get_caps()
authorDan Carpenter <dan.carpenter@oracle.com>
Sun, 21 Apr 2013 11:07:29 +0000 (14:07 +0300)
committerTakashi Iwai <tiwai@suse.de>
Mon, 22 Apr 2013 08:34:46 +0000 (10:34 +0200)
If the ->get_caps() function doesn't clear the buffer then there would
stack information leaked to userspace.  For example,
soc_compr_get_caps() can return success without clearing the buffer.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound/core/compress_offload.c

index 7941ace782833e78026cb9c9b8494f27fc8b2d2c..664c69398b4168441cbbe5fbcf0f9352f9b3b083 100644 (file)
@@ -409,6 +409,7 @@ snd_compr_get_caps(struct snd_compr_stream *stream, unsigned long arg)
        if (!stream->ops->get_caps)
                return -ENXIO;
 
+       memset(&caps, 0, sizeof(caps));
        retval = stream->ops->get_caps(stream, &caps);
        if (retval)
                goto out;