From 56fd62a423b410b6c5f57303cc6517ac79f71997 Mon Sep 17 00:00:00 2001 From: Soumya Managoli Date: Wed, 2 Aug 2023 13:24:08 +0530 Subject: [PATCH] dsp: Address information leak in dsp drivers Due to uninitialised variables used in q6voice and q6usm drivers, there is a possibility of stack information leak whenever lesser size data is copied. Fix is to address this. Change-Id: I6888b468ce50114be3139111ccf4696827540cfd Signed-off-by: Soumya Managoli --- dsp/q6usm.c | 2 ++ dsp/q6voice.c | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/dsp/q6usm.c b/dsp/q6usm.c index cd024fce8139..b9bdce20e02a 100644 --- a/dsp/q6usm.c +++ b/dsp/q6usm.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only /* * Copyright (c) 2012-2019, The Linux Foundation. All rights reserved. + * Copyright (c) 2023, Qualcomm Innovation Center, Inc. All rights reserved. */ #include #include @@ -898,6 +899,7 @@ int q6usm_enc_cfg_blk(struct us_client *usc, struct us_encdec_cfg *us_cfg) sizeof(struct usm_cfg_common)); /* Transparent data copy */ + memset(enc_cfg->enc_blk.transp_data, 0, sizeof (enc_cfg->enc_blk.transp_data)); memcpy(enc_cfg->enc_blk.transp_data, us_cfg->params, us_cfg->params_size); pr_debug("%s: cfg_size[%d], params_size[%d]\n", diff --git a/dsp/q6voice.c b/dsp/q6voice.c index 0f2fe8ccc1b4..f0f2a05b636d 100644 --- a/dsp/q6voice.c +++ b/dsp/q6voice.c @@ -1164,6 +1164,10 @@ static int voice_create_mvm_cvs_session(struct voice_data *v) common.mvs_info.media_type; cvs_full_ctl_cmd.cvs_session.network_id = common.mvs_info.network_type; + + memset(cvs_full_ctl_cmd.cvs_session.name, 0, + sizeof(cvs_full_ctl_cmd.cvs_session.name)); + strlcpy(cvs_full_ctl_cmd.cvs_session.name, "default q6 voice", strlen("default q6 voice")+1); @@ -3079,6 +3083,9 @@ static int voice_send_cvp_create_cmd(struct voice_data *v) VSS_IVOCPROC_PORT_ID_NONE; } + memset(cvp_session_cmd.cvp_session.name, 0, + sizeof(cvp_session_cmd.cvp_session.name)); + pr_debug("tx_topology: %d tx_port_id=%d, rx_port_id=%d, mode: 0x%x\n", cvp_session_cmd.cvp_session.tx_topology_id, cvp_session_cmd.cvp_session.tx_port_id,