Tom Rix faad6cebde scsi: sr: Do not leak information in ioctl ... sr_ioctl.c uses this pattern: result = sr_do_ioctl(cd, &cgc); to-user = buffer[]; kfree(buffer); return result; Use of a buffer without checking leaks information. Check result and jump over the use of buffer if there is an error. result = sr_do_ioctl(cd, &cgc); if (result) goto err; to-user = buffer[]; err: kfree(buffer); return result; Additionally, initialize the buffer to zero. This problem can be seen in the 2.4.0 kernel. Link: https://lore.kernel.org/r/20220411174756.2418435-1-trix@redhat.com Fixes: 1da177e4c3 ("Linux-2.6.12-rc2") Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Tom Rix <trix@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>		2022-04-18 22:48:31 -04:00
..
aacraid
aic7xxx
aic94xx
arcmsr
arm
be2iscsi
bfa
bnx2fc
bnx2i	scsi: iscsi: Merge suspend fields	2022-04-11 22:09:35 -04:00
csiostor
cxgbi	scsi: iscsi: Merge suspend fields	2022-04-11 22:09:35 -04:00
cxlflash
device_handler
dpt
elx
esas2r
fcoe
fnic
hisi_sas
ibmvscsi
ibmvscsi_tgt
isci
libfc
libsas
lpfc
megaraid	scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan	2022-04-06 22:58:17 -04:00
mpi3mr
mpt3sas	scsi: mpt3sas: Fail reset operation if config request timed out	2022-04-06 22:14:09 -04:00
mvsas	scsi: mvsas: Add PCI ID of RocketRaid 2640	2022-04-06 22:27:08 -04:00
pcmcia	scsi: sym53c500_cs: Stop using struct scsi_pointer	2022-04-06 22:11:52 -04:00
pm8001	scsi: pm80xx: Enable upper inbound, outbound queues	2022-04-11 21:59:50 -04:00
qedf
qedi	scsi: qedi: Fix failed disconnect handling	2022-04-11 22:09:35 -04:00
qla2xxx
qla4xxx
smartpqi
snic
sym53c8xx_2
ufs	scsi: ufs: ufshpb: Fix a NULL check on list iterator	2022-04-06 22:40:41 -04:00
.gitignore
3w-9xxx.c
3w-9xxx.h
3w-sas.c
3w-sas.h
3w-xxxx.c
3w-xxxx.h
53c700.c
53c700.h
53c700.scr
53c700_d.h_shipped
a100u2w.c
a100u2w.h
a2091.c
a2091.h
a3000.c
a3000.h
a4000t.c
advansys.c
aha152x.c
aha152x.h
aha1542.c
aha1542.h
aha1740.c
aha1740.h
am53c974.c
atari_scsi.c
atp870u.c
atp870u.h
BusLogic.c
BusLogic.h
bvme6000_scsi.c
ch.c
constants.c
dc395x.c
dc395x.h
dmx3191d.c
dpt_i2o.c
dpti.h
esp_scsi.c
esp_scsi.h
fdomain.c
fdomain.h
fdomain_isa.c
fdomain_pci.c
FlashPoint.c
g_NCR5380.c
gvp11.c
gvp11.h
hosts.c
hpsa.c
hpsa.h
hpsa_cmd.h
hptiop.c
hptiop.h
imm.c
imm.h
initio.c
initio.h
ipr.c
ipr.h
ips.c
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c
iscsi_tcp.h
jazz_esp.c
Kconfig
lasi700.c
libiscsi.c	scsi: iscsi: Fix NOP handling during conn recovery	2022-04-11 22:09:35 -04:00
libiscsi_tcp.c	scsi: iscsi: Merge suspend fields	2022-04-11 22:09:35 -04:00
mac53c94.c
mac53c94.h
mac_esp.c
mac_scsi.c
Makefile
megaraid.c
megaraid.h
mesh.c
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c
mvumi.h
myrb.c
myrb.h
myrs.c
myrs.h
ncr53c8xx.c
ncr53c8xx.h
NCR5380.c
NCR5380.h
nsp32.c
nsp32.h
nsp32_debug.c
nsp32_io.h
pmcraid.c
pmcraid.h
ppa.c
ppa.h
ps3rom.c
qla1280.c
qla1280.h
qlogicfas.c
qlogicfas408.c
qlogicfas408.h
qlogicpti.c
qlogicpti.h
raid_class.c
script_asm.pl
scsi.c
scsi_bsg.c
scsi_common.c
scsi_debug.c	Revert "scsi: scsi_debug: Address races following module load"	2022-04-11 21:57:27 -04:00
scsi_debugfs.c
scsi_debugfs.h
scsi_devinfo.c
scsi_dh.c
scsi_error.c
scsi_ioctl.c
scsi_lib.c
scsi_lib_dma.c
scsi_logging.c
scsi_logging.h
scsi_netlink.c
scsi_pm.c
scsi_priv.h
scsi_proc.c
scsi_sas_internal.h
scsi_scan.c
scsi_sysctl.c
scsi_sysfs.c
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c
scsi_transport_iscsi.c	scsi: iscsi: Fix unbound endpoint error handling	2022-04-11 22:09:35 -04:00
scsi_transport_sas.c
scsi_transport_spi.c
scsi_transport_srp.c
scsicam.c
sd.c	scsi: sd: Clean up gendisk if device_add_disk() failed	2022-04-06 22:37:49 -04:00
sd.h
sd_dif.c
sd_zbc.c
sense_codes.h
ses.c
sg.c
sgiwd93.c
sim710.c
sni_53c710.c
sr.c
sr.h
sr_ioctl.c	scsi: sr: Do not leak information in ioctl	2022-04-18 22:48:31 -04:00
sr_vendor.c
st.c
st.h
st_options.h
stex.c
storvsc_drv.c
sun3_scsi.c
sun3_scsi_vme.c
sun3x_esp.c
sun_esp.c
virtio_scsi.c
vmw_pvscsi.c
vmw_pvscsi.h
wd33c93.c
wd33c93.h
wd719x.c
wd719x.h
xen-scsifront.c
zalon.c
zorro7xx.c
zorro_esp.c