From: Dave Chinner <dchinner@redhat.com>
Date: Thu, 16 Sep 2010 07:04:50 -0400
Subject: [fs] xfs: prevent reading uninitialized stack memory
Message-id: <1284620690-30786-1-git-send-email-dchinner@redhat.com>
Patchwork-id: 28254
O-Subject: [RHEL5.6 PATCH] xfs: prevent reading uninitialized stack memory
Bugzilla: 630807
RH-Acked-by: Eric Sandeen <sandeen@redhat.com>
RH-Acked-by: Jarod Wilson <jarod@redhat.com>

Upstream Commit: a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9
RH BZ: 630807

--
from: Dan Rosenberg <dan.j.rosenberg@gmail.com>

The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12 bytes of uninitialized stack memory, because the fsxattr struct declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero) the 12-byte fsx_pad member before copying it back to the user. This patch takes care of it.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Alex Elder <aelder@sgi.com>

diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c index e76644f..ff0cb3d 100644 --- a/fs/xfs/linux-2.6/xfs_ioctl.c +++ b/fs/xfs/linux-2.6/xfs_ioctl.c @@ -853,6 +853,8 @@ xfs_ioc_fsgetxattr( { struct fsxattr fa; + memset(&fa, 0, sizeof(struct fsxattr)); + xfs_ilock(ip, XFS_ILOCK_SHARED); fa.fsx_xflags = xfs_ip2xflags(ip); fa.fsx_extsize = ip->i_d.di_extsize << ip->i_mount->m_sb.sb_blocklog;
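
Review bot: in the added `memset(&fa, 0, sizeof(struct fsxattr));` line in xfs_ioc_fsgetxattr(), take the size from the object rather than the type, i.e. `memset(&fa, 0, sizeof(fa));`, so the call stays correct if the declaration of `fa` is ever changed. The zeroing also has no comment explaining why it is there: the fields assigned right after it (fsx_xflags, fsx_extsize) make it look redundant, and only the commit message says that the whole struct, including the 12-byte fsx_pad member, is copied back to the user. A one-line comment above the memset stating that would keep a later cleanup from removing it and reopening the leak.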