ALSA: asihpi: fix kernel memory disclosure

Some elements in hr are not cleared before being copied to user space, leaking kernel heap memory to user space. For example, this happens in the error handling code for the HPI_ADAPTER_DELETE case. Zero the memory before it's copied. Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net> Signed-off-by: Takashi Iwai <tiwai@suse.de>
author: Vlad Tsyrklevich <vlad@tsyrklevich.net> 2016-10-13 12:36:41 (GMT)
committer: Takashi Iwai <tiwai@suse.de> 2016-10-18 12:08:25 (GMT)
commit: d69bb92e402ff948bdcd39f19c9067874fb86873 (patch)
tree: 7bbc369e84e7466fdfb8b669db191d2cc88ac7c5 /sound/pci
parent: f771d5bb71d4df9573d12386400540516672208b (diff)
download: linux-d69bb92e402ff948bdcd39f19c9067874fb86873.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/sound/pci/asihpi/hpioctl.c b/sound/pci/asihpi/hpioctl.c
index d17937b..7e3aa50 100644
--- a/sound/pci/asihpi/hpioctl.c
+++ b/sound/pci/asihpi/hpioctl.c
@@ -111,7 +111,7 @@ long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 		return -EINVAL;
 
 	hm = kmalloc(sizeof(*hm), GFP_KERNEL);
-	hr = kmalloc(sizeof(*hr), GFP_KERNEL);
+	hr = kzalloc(sizeof(*hr), GFP_KERNEL);
 	if (!hm || !hr) {
 		err = -ENOMEM;
 		goto out;
author	Vlad Tsyrklevich <vlad@tsyrklevich.net>	2016-10-13 12:36:41 (GMT)
committer	Takashi Iwai <tiwai@suse.de>	2016-10-18 12:08:25 (GMT)
commit	d69bb92e402ff948bdcd39f19c9067874fb86873 (patch)
tree	7bbc369e84e7466fdfb8b669db191d2cc88ac7c5 /sound/pci
parent	f771d5bb71d4df9573d12386400540516672208b (diff)
download	linux-d69bb92e402ff948bdcd39f19c9067874fb86873.tar.xz