xfs: fix stack contents leakage in the v1 inumber ioctls

Explicitly initialize the onstack structures to zero so we don't leak
kernel memory into userspace when converting the in-core inumbers
structure to the v1 inogrp ioctl structure.  Add a comment about why we
have to use memset to ensure that the padding holes in the structures
are set to zero.

Fixes: 5f19c7fc6873351 ("xfs: introduce v5 inode group structure")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>

diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c
index a8a06bb78ea8e3c942d3d6c45f25f5999ff0a6c3..f5c955d35be4342467815f45ce49b02a89813931 100644 (file)
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -272,6 +272,7 @@ xfs_bulkstat_to_bstat(
        struct xfs_bstat                *bs1,
        const struct xfs_bulkstat       *bstat)
 {
+       /* memset is needed here because of padding holes in the structure. */
        memset(bs1, 0, sizeof(struct xfs_bstat));
        bs1->bs_ino = bstat->bs_ino;
        bs1->bs_mode = bstat->bs_mode;
@@ -388,6 +389,8 @@ xfs_inumbers_to_inogrp(
        struct xfs_inogrp               *ig1,
        const struct xfs_inumbers       *ig)
 {
+       /* memset is needed here because of padding holes in the structure. */
+       memset(ig1, 0, sizeof(struct xfs_inogrp));
        ig1->xi_startino = ig->xi_startino;
        ig1->xi_alloccount = ig->xi_alloccount;
        ig1->xi_allocmask = ig->xi_allocmask;