Please apply backport of commit da2311a6385c ("can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices") to v4.9.y
Hi
The issue fixed with da2311a6385c ("can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices") seem to be present as well before 4.19, introduced in 3.8 by commit 080f40a6fa28 "can: kvaser_usb: Add support for Kvaser CAN/USB devices" already.
For Debian (for 4.9.210-1 upload) and for 3.16.y upstream Ben Hutchings did backport the commit.
Can you apply it please as well for v4.9.y?
Regards, Salvatore
From fe8da238df185e6b55301eea0c762e1ab04df625 Mon Sep 17 00:00:00 2001
From: Xiaolong Huang butterflyhuangxx@gmail.com Date: Sat, 7 Dec 2019 22:40:24 +0800 Subject: [PATCH] can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
Uninitialized Kernel memory can leak to USB devices.
Fix this by using kzalloc() instead of kmalloc().
Signed-off-by: Xiaolong Huang butterflyhuangxx@gmail.com Fixes: 7259124eac7d ("can: kvaser_usb: Split driver into kvaser_usb_core.c and kvaser_usb_leaf.c") Cc: linux-stable stable@vger.kernel.org # >= v4.19 Signed-off-by: Marc Kleine-Budde mkl@pengutronix.de [bwh: Backported to 4.9: adjust filename, context] Signed-off-by: Ben Hutchings ben@decadent.org.uk --- drivers/net/can/usb/kvaser_usb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c index 3a75352f632b..792a1afabf5d 100644 --- a/drivers/net/can/usb/kvaser_usb.c +++ b/drivers/net/can/usb/kvaser_usb.c @@ -791,7 +791,7 @@ static int kvaser_usb_simple_msg_async(struct kvaser_usb_net_priv *priv, if (!urb) return -ENOMEM;
- buf = kmalloc(sizeof(struct kvaser_msg), GFP_ATOMIC); + buf = kzalloc(sizeof(struct kvaser_msg), GFP_ATOMIC); if (!buf) { usb_free_urb(urb); return -ENOMEM; @@ -1459,7 +1459,7 @@ static int kvaser_usb_set_opt_mode(const struct kvaser_usb_net_priv *priv) struct kvaser_msg *msg; int rc;
- msg = kmalloc(sizeof(*msg), GFP_KERNEL); + msg = kzalloc(sizeof(*msg), GFP_KERNEL); if (!msg) return -ENOMEM;
@@ -1592,7 +1592,7 @@ static int kvaser_usb_flush_queue(struct kvaser_usb_net_priv *priv) struct kvaser_msg *msg; int rc;
- msg = kmalloc(sizeof(*msg), GFP_KERNEL); + msg = kzalloc(sizeof(*msg), GFP_KERNEL); if (!msg) return -ENOMEM;
On Sun, Jun 14, 2020 at 09:54:03AM +0200, Salvatore Bonaccorso wrote:
Hi
The issue fixed with da2311a6385c ("can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices") seem to be present as well before 4.19, introduced in 3.8 by commit 080f40a6fa28 "can: kvaser_usb: Add support for Kvaser CAN/USB devices" already.
For Debian (for 4.9.210-1 upload) and for 3.16.y upstream Ben Hutchings did backport the commit.
Can you apply it please as well for v4.9.y?
Now applied, thanks.
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg Kroah-Hartman -
Salvatore Bonaccorso