Sebastian Lackner : server: Avoid leaking uninitialized stack memory to applications.
Alexandre Julliard
julliard at wine.codeweavers.com
Mon Aug 17 09:01:12 CDT 2015
Module: wine
Branch: master
Commit: a8c6fe39af1e47c26e125ff5b3ff0c4ed71bea73
URL: http://source.winehq.org/git/wine.git/?a=commit;h=a8c6fe39af1e47c26e125ff5b3ff0c4ed71bea73
Author: Sebastian Lackner <sebastian at fds-team.de>
Date: Sun Aug 16 08:00:13 2015 +0200
server: Avoid leaking uninitialized stack memory to applications.
Without the memset() there is a risk of leaking uninitialized stack memory in the
get_next_device_request wineserver call.
---
server/device.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/server/device.c b/server/device.c
index 812bce3..9ef587c 100644
--- a/server/device.c
+++ b/server/device.c
@@ -384,6 +384,7 @@ static struct object *device_open_file( struct object *obj, unsigned int access,
struct irp_call *irp;
irp_params_t params;
+ memset( ¶ms, 0, sizeof(params) );
params.create.major = IRP_MJ_CREATE;
params.create.access = access;
params.create.sharing = sharing;
@@ -422,6 +423,7 @@ static int device_file_close_handle( struct object *obj, struct process *process
struct irp_call *irp;
irp_params_t params;
+ memset( ¶ms, 0, sizeof(params) );
params.close.major = IRP_MJ_CLOSE;
params.close.file = file->user_ptr;
@@ -516,6 +518,7 @@ static obj_handle_t device_file_read( struct fd *fd, const async_data_t *async_d
obj_handle_t handle;
irp_params_t params;
+ memset( ¶ms, 0, sizeof(params) );
params.read.major = IRP_MJ_READ;
params.read.key = 0;
params.read.pos = pos;
@@ -537,6 +540,7 @@ static obj_handle_t device_file_write( struct fd *fd, const async_data_t *async_
obj_handle_t handle;
irp_params_t params;
+ memset( ¶ms, 0, sizeof(params) );
params.write.major = IRP_MJ_WRITE;
params.write.key = 0;
params.write.pos = pos;
@@ -557,6 +561,7 @@ static obj_handle_t device_file_flush( struct fd *fd, const async_data_t *async_
obj_handle_t handle;
irp_params_t params;
+ memset( ¶ms, 0, sizeof(params) );
params.flush.major = IRP_MJ_FLUSH_BUFFERS;
params.flush.file = file->user_ptr;
@@ -576,6 +581,7 @@ static obj_handle_t device_file_ioctl( struct fd *fd, ioctl_code_t code, const a
obj_handle_t handle;
irp_params_t params;
+ memset( ¶ms, 0, sizeof(params) );
params.ioctl.major = IRP_MJ_DEVICE_CONTROL;
params.ioctl.code = code;
params.ioctl.file = file->user_ptr;
More information about the wine-cvs
mailing list