diff mbox series

scsi: stex: properly zero out the passthrough command structure

Message ID 20220908145154.2284098-1-gregkh@linuxfoundation.org (mailing list archive)
State Superseded
Headers show
Series scsi: stex: properly zero out the passthrough command structure | expand

Commit Message

Greg Kroah-Hartman Sept. 8, 2022, 2:51 p.m. UTC 
The passthrough structure is declared off of the stack, so it needs to
be zeroed out before copied back to userspace to prevent any
unintentional data leakage.

Reported-by: hdthky <hdthky0@gmail.com>
Cc: stable <stable@kernel.org>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/stex.c | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/drivers/scsi/stex.c b/drivers/scsi/stex.c
index e6420f2127ce..fc5880a35723 100644
--- a/drivers/scsi/stex.c
+++ b/drivers/scsi/stex.c
@@ -668,6 +668,7 @@  static int stex_queuecommand_lck(struct scsi_cmnd *cmd)
 			struct st_drvver ver;
 			size_t cp_len = sizeof(ver);
 
+			memset(&ver, 0x00, sizeof(ver));
 			ver.major = ST_VER_MAJOR;
 			ver.minor = ST_VER_MINOR;
 			ver.oem = ST_OEM;