From 98990dce53881aa9de423eeb8f7b990b997daeda Mon Sep 17 00:00:00 2001
From: Brian Gianforcaro
Date: Wed, 29 Dec 2021 02:03:43 -0800
Subject: [PATCH] Kernel: Fix info leak from padding in GenericFramebufferDevice::ioctl
In FB_IOCTL_GET_PROPERTIES we were not initializing the padding of the struct, leading to the potential of an kernel information leak if the caller looked back at it's contents. Lets just be extra paranoid and zero initialize all these structs in we store on the stack while handling ioctls(..).
---
 Kernel/Graphics/GenericFramebufferDevice.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Kernel/Graphics/GenericFramebufferDevice.cpp b/Kernel/Graphics/GenericFramebufferDevice.cpp
index bcbb045908..75705046c8 100644
--- a/Kernel/Graphics/GenericFramebufferDevice.cpp
+++ b/Kernel/Graphics/GenericFramebufferDevice.cpp
@@ -37,7 +37,7 @@ ErrorOr GenericFramebufferDevice::ioctl(OpenFileDescription&, unsigned req
 switch (request) {
 case FB_IOCTL_GET_PROPERTIES: {
 auto user_properties = static_ptr_cast(arg);
- FBProperties properties;
+ FBProperties properties {};
 auto adapter = m_graphics_adapter.strong_ref();
 if (!adapter)
 return Error::from_errno(EIO);
@@ -49,7 +49,7 @@ ErrorOr GenericFramebufferDevice::ioctl(OpenFileDescription&, unsigned req
 }
 case FB_IOCTL_GET_HEAD_PROPERTIES: {
 auto user_head_properties = static_ptr_cast(arg);
- FBHeadProperties head_properties;
+ FBHeadProperties head_properties {};
 TRY(copy_from_user(&head_properties, user_head_properties));
 TRY(verify_head_index(head_properties.head_index));
 
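Review bot: `FBProperties properties {};` in the FB_IOCTL_GET_PROPERTIES case relies on the compiler to clear padding, which the language does not promise: if FBProperties is a plain aggregate (its definition is not in this hunk), empty braces initialize the members and leave the padding bytes unspecified. This struct is filled in the kernel and, presumably, copied out to the caller further down (outside the hunk), so an explicit `memset(&properties, 0, sizeof(properties));` right after the declaration would give the guarantee the commit message is after, ideally with a comment such as `// Zero the whole object, padding included, before it is copied to userspace.` so the call is not later removed as redundant. The same reasoning applies to `head_properties` and `head_vertical_buffer_offset` in the two later hunks, although both are first overwritten by copy_from_user(), presumably in full, so there the initializer is defence in depth only. The ioctl() body starts and ends outside these hunks.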
@@ -86,7 +86,7 @@ ErrorOr GenericFramebufferDevice::ioctl(OpenFileDescription&, unsigned req
 }
 case FB_IOCTL_GET_HEAD_VERTICAL_OFFSET_BUFFER: {
 auto user_head_vertical_buffer_offset = static_ptr_cast(arg);
- FBHeadVerticalOffset head_vertical_buffer_offset;
+ FBHeadVerticalOffset head_vertical_buffer_offset {};
 TRY(copy_from_user(&head_vertical_buffer_offset, user_head_vertical_buffer_offset));
 TRY(verify_head_index(head_vertical_buffer_offset.head_index));