From 1c62e9f2b5a97c53aaae490f844949d32cca6dc6 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Sun, 21 Apr 2013 14:07:29 +0300 Subject: [PATCH] ALSA: compress: info leak in snd_compr_get_caps() If the ->get_caps() function doesn't clear the buffer then there would stack information leaked to userspace. For example, soc_compr_get_caps() can return success without clearing the buffer. Signed-off-by: Dan Carpenter Signed-off-by: Takashi Iwai --- sound/core/compress_offload.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index 7941ace78283..664c69398b41 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -409,6 +409,7 @@ snd_compr_get_caps(struct snd_compr_stream *stream, unsigned long arg) if (!stream->ops->get_caps) return -ENXIO; + memset(&caps, 0, sizeof(caps)); retval = stream->ops->get_caps(stream, &caps); if (retval) goto out;