[2/2] server: Avoid leaking uninitialized stack memory to applications.

Sebastian Lackner sebastian at fds-team.de
Sun Aug 16 01:00:13 CDT 2015


Without the memset() there is a risk of leaking uninitialized stack memory in the
get_next_device_request wineserver call.

---
 server/device.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/device.c b/server/device.c
index 812bce3..9ef587c 100644
--- a/server/device.c
+++ b/server/device.c
@@ -384,6 +384,7 @@ static struct object *device_open_file( struct object *obj, unsigned int access,
         struct irp_call *irp;
         irp_params_t params;
 
+        memset( &params, 0, sizeof(params) );
         params.create.major   = IRP_MJ_CREATE;
         params.create.access  = access;
         params.create.sharing = sharing;
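Review bot: The `memset( &params, 0, sizeof(params) );` added above `params.create.major` carries no comment, and because the field assignments follow immediately it reads as redundant and could be dropped in a later cleanup. From the member accesses (`params.create`, `params.close`, `params.read`, ...) irp_params_t looks like a union of per-request layouts, so bytes outside the selected member and any padding keep old stack contents unless the whole object is cleared; a `= {0}` initializer would not reliably cover padding. I would add `/* clear the whole object: unused members and padding are returned by get_next_device_request */` above the call here and in the other five hunks (device_file_close_handle, device_file_read, device_file_write, device_file_flush, device_file_ioctl). Since every future irp_params_t local has to repeat this, clearing once where the params are copied into the queued request may be more robust, though that code is outside this patch and device_open_file's body continues past the hunk.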
@@ -422,6 +423,7 @@ static int device_file_close_handle( struct object *obj, struct process *process
         struct irp_call *irp;
         irp_params_t params;
 
+        memset( &params, 0, sizeof(params) );
         params.close.major = IRP_MJ_CLOSE;
         params.close.file  = file->user_ptr;
 
@@ -516,6 +518,7 @@ static obj_handle_t device_file_read( struct fd *fd, const async_data_t *async_d
     obj_handle_t handle;
     irp_params_t params;
 
+    memset( &params, 0, sizeof(params) );
     params.read.major = IRP_MJ_READ;
     params.read.key   = 0;
     params.read.pos   = pos;
@@ -537,6 +540,7 @@ static obj_handle_t device_file_write( struct fd *fd, const async_data_t *async_
     obj_handle_t handle;
     irp_params_t params;
 
+    memset( &params, 0, sizeof(params) );
     params.write.major = IRP_MJ_WRITE;
     params.write.key   = 0;
     params.write.pos   = pos;
@@ -557,6 +561,7 @@ static obj_handle_t device_file_flush( struct fd *fd, const async_data_t *async_
     obj_handle_t handle;
     irp_params_t params;
 
+    memset( &params, 0, sizeof(params) );
     params.flush.major = IRP_MJ_FLUSH_BUFFERS;
     params.flush.file  = file->user_ptr;
 
@@ -576,6 +581,7 @@ static obj_handle_t device_file_ioctl( struct fd *fd, ioctl_code_t code, const a
     obj_handle_t handle;
     irp_params_t params;
 
+    memset( &params, 0, sizeof(params) );
     params.ioctl.major = IRP_MJ_DEVICE_CONTROL;
     params.ioctl.code  = code;
     params.ioctl.file = file->user_ptr;
-- 
2.5.0


