fd02db9de7
The FBIOGET_VBLANK device ioctl allows unprivileged users to read 16 bytes of uninitialized stack memory, because the "reserved" member of the fb_vblank struct declared on the stack is not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Cc: Thomas Winischhofer <thomas@winischhofer.net> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
---|---|---|
.. | ||
300vtbl.h | ||
310vtbl.h | ||
init.c | ||
init.h | ||
init301.c | ||
init301.h | ||
initdef.h | ||
initextlfb.c | ||
Makefile | ||
oem300.h | ||
oem310.h | ||
osdef.h | ||
sis.h | ||
sis_accel.c | ||
sis_accel.h | ||
sis_main.c | ||
sis_main.h | ||
vgatypes.h | ||
vstruct.h |