------------------------------------------------------------------------
*From*: 	P J P
*Subject*: 	[Qemu-devel] [PATCH v2] scsi: megasas: initialise local
configuration data buffer
*Date*: 	Wed, 25 May 2016 17:41:44 +0530

------------------------------------------------------------------------

From: Prasad J Pandit <address@hidden>

When reading MegaRAID SAS controller configuration via MegaRAID
Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read
uses an uninitialised local data buffer. Initialise this buffer
to avoid stack information leakage.

Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/scsi/megasas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Update as per
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04402.html

diff --git a/tools/qemu-xen/hw/scsi/megasas.c b/tools/qemu-xen/hw/scsi/megasas.c
index dcbd3e1..bf642d4 100644
--- a/tools/qemu-xen/hw/scsi/megasas.c
+++ b/tools/qemu-xen/hw/scsi/megasas.c
@@ -1293,7 +1293,7 @@ static int megasas_dcmd_ld_get_info(MegasasState *s, MegasasCmd *cmd)
 
 static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd)
 {
-    uint8_t data[4096];
+    uint8_t data[4096] = { 0 };
     struct mfi_config_data *info;
     int num_pd_disks = 0, array_offset, ld_offset;
     BusChild *kid;
-- 
2.5.5