Sebastian Lackner : server: Avoid leaking uninitialized stack memory to applications. - wine-commits

17 Aug 2015

Module: wine
Branch: master
Commit: a8c6fe39af1e47c26e125ff5b3ff0c4ed71bea73
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=a8c6fe39af1e47c26e125ff5b3...
Author: Sebastian Lackner sebastian@fds-team.de
Date:   Sun Aug 16 08:00:13 2015 +0200
server: Avoid leaking uninitialized stack memory to applications.
Without the memset() there is a risk of leaking uninitialized stack memory in the
get_next_device_request wineserver call.
---
server/device.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/device.c b/server/device.c
index 812bce3..9ef587c 100644
--- a/server/device.c
+++ b/server/device.c
@@ -384,6 +384,7 @@ static struct object *device_open_file( struct object *obj, unsigned int access,
         struct irp_call *irp;
         irp_params_t params;
+        memset( &params, 0, sizeof(params) );
         params.create.major   = IRP_MJ_CREATE;
         params.create.access  = access;
         params.create.sharing = sharing;
@@ -422,6 +423,7 @@ static int device_file_close_handle( struct object *obj, struct process *process
         struct irp_call *irp;
         irp_params_t params;
+        memset( &params, 0, sizeof(params) );
         params.close.major = IRP_MJ_CLOSE;
         params.close.file  = file->user_ptr;
@@ -516,6 +518,7 @@ static obj_handle_t device_file_read( struct fd *fd, const async_data_t *async_d
     obj_handle_t handle;
     irp_params_t params;
+    memset( &params, 0, sizeof(params) );
     params.read.major = IRP_MJ_READ;
     params.read.key   = 0;
     params.read.pos   = pos;
@@ -537,6 +540,7 @@ static obj_handle_t device_file_write( struct fd *fd, const async_data_t *async_
     obj_handle_t handle;
     irp_params_t params;
+    memset( &params, 0, sizeof(params) );
     params.write.major = IRP_MJ_WRITE;
     params.write.key   = 0;
     params.write.pos   = pos;
@@ -557,6 +561,7 @@ static obj_handle_t device_file_flush( struct fd *fd, const async_data_t *async_
     obj_handle_t handle;
     irp_params_t params;
+    memset( &params, 0, sizeof(params) );
     params.flush.major = IRP_MJ_FLUSH_BUFFERS;
     params.flush.file  = file->user_ptr;
@@ -576,6 +581,7 @@ static obj_handle_t device_file_ioctl( struct fd *fd, ioctl_code_t code, const a
     obj_handle_t handle;
     irp_params_t params;
+    memset( &params, 0, sizeof(params) );
     params.ioctl.major = IRP_MJ_DEVICE_CONTROL;
     params.ioctl.code  = code;
     params.ioctl.file = file->user_ptr;

    