drivers/char/synclink_gt.c: fix information leak to userland

Structures tmp_params and new_line are copied to userland with some
padding fields unitialized.  It leads to leaking of stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Paul Fulghum <paulkf@microgate.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 3 insertions, 0 deletions

diff --git a/drivers/char/synclink_gt.c b/drivers/char/synclink_gt.c
index 11999784383e..9f7fc71474b4 100644
--- a/drivers/char/synclink_gt.c
+++ b/drivers/char/synclink_gt.c
@@ -1132,6 +1132,7 @@ static long get_params32(struct slgt_info *info, struct MGSL_PARAMS32 __user *us
         struct MGSL_PARAMS32 tmp_params;
 
         DBGINFO(("%s get_params32\n", info->device_name));
+        memset(&tmp_params, 0, sizeof(tmp_params));
         tmp_params.mode            = (compat_ulong_t)info->params.mode;
         tmp_params.loopback        = info->params.loopback;
         tmp_params.flags           = info->params.flags;
@@ -1617,6 +1618,8 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
         if (cmd != SIOCWANDEV)
                 return hdlc_ioctl(dev, ifr, cmd);
 
+        memset(&new_line, 0, sizeof(new_line));
+
         switch(ifr->ifr_settings.type) {
         case IF_GET_IFACE: /* return current sync_serial_settings */