Commit a8c6fe39 authored by Sebastian Lackner Committed by Alexandre Julliard

server: Avoid leaking uninitialized stack memory to applications.

Without the memset() there is a risk of leaking uninitialized stack memory in the get_next_device_request wineserver call.
parent b2799015
...@@ -384,6 +384,7 @@ static struct object *device_open_file( struct object *obj, unsigned int access, ...@@ -384,6 +384,7 @@ static struct object *device_open_file( struct object *obj, unsigned int access,
struct irp_call *irp; struct irp_call *irp;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.create.major = IRP_MJ_CREATE; params.create.major = IRP_MJ_CREATE;
params.create.access = access; params.create.access = access;
params.create.sharing = sharing; params.create.sharing = sharing;
...@@ -422,6 +423,7 @@ static int device_file_close_handle( struct object *obj, struct process *process ...@@ -422,6 +423,7 @@ static int device_file_close_handle( struct object *obj, struct process *process
struct irp_call *irp; struct irp_call *irp;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.close.major = IRP_MJ_CLOSE; params.close.major = IRP_MJ_CLOSE;
params.close.file = file->user_ptr; params.close.file = file->user_ptr;
...@@ -516,6 +518,7 @@ static obj_handle_t device_file_read( struct fd *fd, const async_data_t *async_d ...@@ -516,6 +518,7 @@ static obj_handle_t device_file_read( struct fd *fd, const async_data_t *async_d
obj_handle_t handle; obj_handle_t handle;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.read.major = IRP_MJ_READ; params.read.major = IRP_MJ_READ;
params.read.key = 0; params.read.key = 0;
params.read.pos = pos; params.read.pos = pos;
...@@ -537,6 +540,7 @@ static obj_handle_t device_file_write( struct fd *fd, const async_data_t *async_ ...@@ -537,6 +540,7 @@ static obj_handle_t device_file_write( struct fd *fd, const async_data_t *async_
obj_handle_t handle; obj_handle_t handle;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.write.major = IRP_MJ_WRITE; params.write.major = IRP_MJ_WRITE;
params.write.key = 0; params.write.key = 0;
params.write.pos = pos; params.write.pos = pos;
...@@ -557,6 +561,7 @@ static obj_handle_t device_file_flush( struct fd *fd, const async_data_t *async_ ...@@ -557,6 +561,7 @@ static obj_handle_t device_file_flush( struct fd *fd, const async_data_t *async_
obj_handle_t handle; obj_handle_t handle;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.flush.major = IRP_MJ_FLUSH_BUFFERS; params.flush.major = IRP_MJ_FLUSH_BUFFERS;
params.flush.file = file->user_ptr; params.flush.file = file->user_ptr;
...@@ -576,6 +581,7 @@ static obj_handle_t device_file_ioctl( struct fd *fd, ioctl_code_t code, const a ...@@ -576,6 +581,7 @@ static obj_handle_t device_file_ioctl( struct fd *fd, ioctl_code_t code, const a
obj_handle_t handle; obj_handle_t handle;
irp_params_t params; irp_params_t params;
memset( &params, 0, sizeof(params) );
params.ioctl.major = IRP_MJ_DEVICE_CONTROL; params.ioctl.major = IRP_MJ_DEVICE_CONTROL;
params.ioctl.code = code; params.ioctl.code = code;
params.ioctl.file = file->user_ptr; params.ioctl.file = file->user_ptr;
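Review bot: The six added `memset( &params, 0, sizeof(params) );` calls carry no comment explaining why they are needed, and because each function then assigns the fields of the member it uses, a later cleanup could mistake them for dead stores and remove them. I would add a comment at the first one in device_open_file and mirror it in the other five functions, for example `/* params is copied out by get_next_device_request: zero padding and the unused members so no stack bytes leak */`, which assumes irp_params_t is a union of per-request structs, as the `.create`/`.close`/`.read` accesses suggest. With the whole object zeroed, `params.read.key = 0;` in device_file_read and `params.write.key = 0;` in device_file_write are now redundant and could be dropped. Because the zeroing is repeated per call site, any request builder added later has to remember it too, so it is worth checking whether it can live in one shared place; that code, like the start and end of all six function bodies, is outside the visible hunks.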
......