Re: [PATCH 2.6.28] bluetooth: fix leak of uninitialized data touserspace

From: Marcel Holtmann
Date: Sun Oct 05 2008 - 12:32:32 EST

Next message: Alan Cox: "[PATCH 68/76] tty: Minor tidyups and document fixes for n_tty"
Previous message: Alan Cox: "[PATCH 67/76] tty: Remove lots of NULL checks"
In reply to: Vegard Nossum: "[PATCH 2.6.28] bluetooth: fix leak of uninitialized data touserspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Vegard,

> From 45be27894a18f87b71b855fcc4afd50f860254b4 Mon Sep 17 00:00:00 2001
> From: Vegard Nossum <vegard.nossum@xxxxxxxxx>
> Date: Sun, 5 Oct 2008 17:25:45 +0200
> Subject: [PATCH] bluetooth: fix leak of uninitialized data to userspace
>
> struct hci_dev_list_req {
> __u16 dev_num;
> struct hci_dev_req dev_req[0]; /* hci_dev_req structures */
> };
>
> sizeof(struct hci_dev_list_req) == 4, so the two bytes immediately
> following "dev_num" will never be initialized. When this structure
> is copied to userspace, these uninitialized bytes are leaked.
>
> Fix by using kzalloc() instead of kmalloc(). Found using kmemcheck.

good catch. I thought we moved everything over to kzalloc, but as it
seems we forgot at least one. Applied your patch to me tree. Thanks.

Regards

Marcel

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "[PATCH 68/76] tty: Minor tidyups and document fixes for n_tty"
Previous message: Alan Cox: "[PATCH 67/76] tty: Remove lots of NULL checks"
In reply to: Vegard Nossum: "[PATCH 2.6.28] bluetooth: fix leak of uninitialized data touserspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]