[3.8.y.z extended stable] Patch "[media] media-device: fix infoleak in ioctl media_enum_entities()" has been added to staging queue

Mon Jun 23 21:17:29 UTC 2014

This is a note to let you know that I have just added a patch titled

    [media] media-device: fix infoleak in ioctl media_enum_entities()

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.25.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From cd6ba5ac87165d3aec5225b2e1abccdad86cb725 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Salva=20Peir=C3=B3?= <speiro at ai2.upv.es>
Date: Wed, 30 Apr 2014 19:48:02 +0200
Subject: [PATCH 05/66] [media] media-device: fix infoleak in ioctl
 media_enum_entities()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

commit e6a623460e5fc960ac3ee9f946d3106233fd28d8 upstream.

This fixes CVE-2014-1739.

Signed-off-by: Salva Peiró <speiro at ai2.upv.es>
Acked-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab at samsung.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 drivers/media/media-device.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
index d01fcb7..e8af209 100644
--- a/drivers/media/media-device.c
+++ b/drivers/media/media-device.c
@@ -92,6 +92,7 @@ static long media_device_enum_entities(struct media_device *mdev,
 	struct media_entity *ent;
 	struct media_entity_desc u_ent;

+	memset(&u_ent, 0, sizeof(u_ent));
 	if (copy_from_user(&u_ent.id, &uent->id, sizeof(u_ent.id)))
 		return -EFAULT;

--
1.9.1



