07-27-2011, 03:20 PM
Andy Whitcroft

char/tpm: Fix unitialized usage of data buffer

CVE-2011-1160
This patch fixes information leakage to the userspace by
initializing the data buffer to zero.

The fix for this CVE has lucid and later via mainline and stable
updates. Following this email are two patches, one for hardy, and one
for lucid/fsl-imx51 and maverick/ti-omap4. The first is a simple
backport of the mainline fix, the second a cherry-pick.

Proposing for hardy, lucid/fsl-imx51, and maverick/ti-omap4.

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
07-27-2011, 03:20 PM
Andy Whitcroft

char/tpm: Fix unitialized usage of data buffer

From: Peter Huewe <huewe.external.infineon@googlemail.com>

This patch fixes information leakage to the userspace by initializing
the data buffer to zero.

Reported-by: Peter Huewe <huewe.external@infineon.com>
Signed-off-by: Peter Huewe <huewe.external@infineon.com>
Signed-off-by: Marcel Selhorst <m.selhorst@sirrix.com>
[ Also removed the silly "* sizeof(u8)". If that isn't 1, we have way
deeper problems than a simple multiplication can fix. - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

(backported from commit 1309d7afbed112f0e8e90be9af975550caa0076b)
CVE-2011-1160
BugLink: http://bugs.launchpad.net/bugs/816546
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
drivers/char/tpm/tpm.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
index c88424a..14ad745 100644
--- a/drivers/char/tpm/tpm.c
+++ b/drivers/char/tpm/tpm.c
@@ -922,7 +922,7 @@ int tpm_open(struct inode *inode, struct file *file)

spin_unlock(&driver_lock);

- chip->data_buffer = kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL);
+ chip->data_buffer = kzalloc(TPM_BUFSIZE, GFP_KERNEL);
if (chip->data_buffer == NULL) {
chip->num_opens--;
put_device(chip->dev);
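
Review bot: The kzalloc() in tpm_open() clears data_buffer only once, at open time, so it covers the first read after open but nothing about later reuse of the same buffer within one open. The commit message should name the path that copies data_buffer to userspace and state whether that copy is bounded by the length of the response actually written into the buffer. If the buffer is reused across commands, consider also clearing it after each copy to userspace instead of relying on allocation-time zeroing alone. Dropping "* sizeof(u8)" leaves the allocation size unchanged and is fine.
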
--
1.7.4.1


 
07-27-2011, 03:36 PM
Stefan Bader

char/tpm: Fix unitialized usage of data buffer

On 27.07.2011 17:20, Andy Whitcroft wrote:
> CVE-2011-1160
> This patch fixes information leakage to the userspace by
> initializing the data buffer to zero.
>
> The fix for this CVE has lucid and later via mainline and stable
> updates. Following this email are two patches, one for hardy, and one
> for lucid/fsl-imx51 and maverick/ti-omap4. The first is a simple
> backport of the mainline fix, the second a cherry-pick.
>
> Proposing for hardy, lucid/fsl-imx51, and maverick/ti-omap4.
>
> -apw
>

Straightforward...

Acked-by: Stefan Bader <stefan.bader@canonical.com>

 

All times are GMT.