Home Home > GIT Browse > stable
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-08-16 22:01:45 +0200
committerJiri Slaby <jslaby@suse.cz>2019-08-16 22:25:10 +0200
commit7c2ce4f570100df0798acfe24ec06afe8c3fa64e (patch)
tree53cfa8fb709203594d7cfb77e3e2be39645f7446
parent2545795f3dca513c1b937923b3e4a288ff2145ad (diff)
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
-rw-r--r--patches.kernel.org/5.2.9-121-can-peak_usb-pcan_usb_pro-Fix-info-leaks-to-USB.patch40
-rw-r--r--series.conf1
2 files changed, 41 insertions, 0 deletions
diff --git a/patches.kernel.org/5.2.9-121-can-peak_usb-pcan_usb_pro-Fix-info-leaks-to-USB.patch b/patches.kernel.org/5.2.9-121-can-peak_usb-pcan_usb_pro-Fix-info-leaks-to-USB.patch
new file mode 100644
index 0000000000..0cee679853
--- /dev/null
+++ b/patches.kernel.org/5.2.9-121-can-peak_usb-pcan_usb_pro-Fix-info-leaks-to-USB.patch
@@ -0,0 +1,40 @@
+From: Tomas Bortoli <tomasbortoli@gmail.com>
+Date: Wed, 31 Jul 2019 10:54:47 -0400
+Subject: [PATCH] can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
+References: bnc#1012628
+Patch-mainline: 5.2.9
+Git-commit: ead16e53c2f0ed946d82d4037c630e2f60f4ab69
+
+commit ead16e53c2f0ed946d82d4037c630e2f60f4ab69 upstream.
+
+Uninitialized Kernel memory can leak to USB devices.
+
+Fix by using kzalloc() instead of kmalloc() on the affected buffers.
+
+Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
+Reported-by: syzbot+d6a5a1a3657b596ef132@syzkaller.appspotmail.com
+Fixes: f14e22435a27 ("net: can: peak_usb: Do not do dma on the stack")
+Cc: linux-stable <stable@vger.kernel.org>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/can/usb/peak_usb/pcan_usb_pro.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_pro.c b/drivers/net/can/usb/peak_usb/pcan_usb_pro.c
+index 178bb7cff0c1..53cb2f72bdd0 100644
+--- a/drivers/net/can/usb/peak_usb/pcan_usb_pro.c
++++ b/drivers/net/can/usb/peak_usb/pcan_usb_pro.c
+@@ -494,7 +494,7 @@ static int pcan_usb_pro_drv_loaded(struct peak_usb_device *dev, int loaded)
+ u8 *buffer;
+ int err;
+
+- buffer = kmalloc(PCAN_USBPRO_FCT_DRVLD_REQ_LEN, GFP_KERNEL);
++ buffer = kzalloc(PCAN_USBPRO_FCT_DRVLD_REQ_LEN, GFP_KERNEL);
+ if (!buffer)
+ return -ENOMEM;
+
+--
+2.22.0
+
diff --git a/series.conf b/series.conf
index 90832c0021..8be17f9e32 100644
--- a/series.conf
+++ b/series.conf
@@ -1141,6 +1141,7 @@
patches.kernel.org/5.2.9-118-HID-sony-Fix-race-condition-between-rumble-and-.patch
patches.kernel.org/5.2.9-119-ALSA-usb-audio-fix-a-memory-leak-bug.patch
patches.kernel.org/5.2.9-120-KVM-nSVM-properly-map-nested-VMCB.patch
+ patches.kernel.org/5.2.9-121-can-peak_usb-pcan_usb_pro-Fix-info-leaks-to-USB.patch
########################################################
# Build fixes that apply to the vanilla kernel too.