ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

server: Avoid leaking uninitialized stack memory to applications. 

Without the memset() there is a risk of leaking uninitialized stack memory in the
get_next_device_request wineserver call.
This commit is contained in:
Sebastian Lackner 2015-08-16 08:00:13 +02:00 committed by Alexandre Julliard
parent b279901546
commit a8c6fe39af
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/device.c
View File

@ -384,6 +384,7 @@ static struct object *device_open_file( struct object *obj, unsigned int access,
struct irp_call *irp; struct irp_call *irp;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.create.major = IRP_MJ_CREATE; params.create.major = IRP_MJ_CREATE;
params.create.access = access; params.create.access = access;
params.create.sharing = sharing; params.create.sharing = sharing;
@ -422,6 +423,7 @@ static int device_file_close_handle( struct object *obj, struct process *process
struct irp_call *irp; struct irp_call *irp;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.close.major = IRP_MJ_CLOSE; params.close.major = IRP_MJ_CLOSE;
params.close.file = file->user_ptr; params.close.file = file->user_ptr;
@ -516,6 +518,7 @@ static obj_handle_t device_file_read( struct fd *fd, const async_data_t *async_d
obj_handle_t handle; obj_handle_t handle;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.read.major = IRP_MJ_READ; params.read.major = IRP_MJ_READ;
params.read.key = 0; params.read.key = 0;
params.read.pos = pos; params.read.pos = pos;
@ -537,6 +540,7 @@ static obj_handle_t device_file_write( struct fd *fd, const async_data_t *async_
obj_handle_t handle; obj_handle_t handle;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.write.major = IRP_MJ_WRITE; params.write.major = IRP_MJ_WRITE;
params.write.key = 0; params.write.key = 0;
params.write.pos = pos; params.write.pos = pos;
@ -557,6 +561,7 @@ static obj_handle_t device_file_flush( struct fd *fd, const async_data_t *async_
obj_handle_t handle; obj_handle_t handle;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.flush.major = IRP_MJ_FLUSH_BUFFERS; params.flush.major = IRP_MJ_FLUSH_BUFFERS;
params.flush.file = file->user_ptr; params.flush.file = file->user_ptr;
@ -576,6 +581,7 @@ static obj_handle_t device_file_ioctl( struct fd *fd, ioctl_code_t code, const a
obj_handle_t handle; obj_handle_t handle;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.ioctl.major = IRP_MJ_DEVICE_CONTROL; params.ioctl.major = IRP_MJ_DEVICE_CONTROL;
params.ioctl.code = code; params.ioctl.code = code;
params.ioctl.file = file->user_ptr; params.ioctl.file = file->user_ptr;