From bffbbc0a2ccb9f3a3235ea6c646030e5fc3d771e Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 7 Nov 2013 11:09:54 +0300 Subject: [PATCH] ALSA: sb16 - info leak in snd_sb_csp_ioctl() There is a 2 byte hole after "info.func_nr" so we could leak unitialized stack information to userspace. Signed-off-by: Dan Carpenter Signed-off-by: Takashi Iwai --- sound/isa/sb/sb16_csp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/isa/sb/sb16_csp.c b/sound/isa/sb/sb16_csp.c index c1aa21edcb65..48da2276683d 100644 --- a/sound/isa/sb/sb16_csp.c +++ b/sound/isa/sb/sb16_csp.c @@ -208,6 +208,7 @@ static int snd_sb_csp_ioctl(struct snd_hwdep * hw, struct file *file, unsigned i switch (cmd) { /* get information */ case SNDRV_SB_CSP_IOCTL_INFO: + memset(&info, 0, sizeof(info)); *info.codec_name = *p->codec_name; info.func_nr = p->func_nr; info.acc_format = p->acc_format;