[PATCH] bluetooth: bnep: fix information leak to userland

From: Vasiliy Kulikov
Date: Sat Oct 30 2010 - 10:26:39 EST

Next message: Vasiliy Kulikov: "[PATCH] bluetooth: hidp: fix information leak to userland"
Previous message: Vasiliy Kulikov: "[PATCH] xfs: linux-2.6: xfs_ioctl: fix information leak to userland"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Structure bnep_conninfo is copied to userland with the field "device"
that has the last elements unitialized. It leads to leaking of
contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@xxxxxxxxx>
---
Compile tested.

net/bluetooth/bnep/core.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index f10b41f..5868597 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -648,6 +648,7 @@ int bnep_del_connection(struct bnep_conndel_req *req)

static void __bnep_copy_ci(struct bnep_conninfo *ci, struct bnep_session *s)
{
+ memset(ci, 0, sizeof(*ci));
memcpy(ci->dst, s->eh.h_source, ETH_ALEN);
strcpy(ci->device, s->dev->name);
ci->flags = s->flags;
--
1.7.0.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vasiliy Kulikov: "[PATCH] bluetooth: hidp: fix information leak to userland"
Previous message: Vasiliy Kulikov: "[PATCH] xfs: linux-2.6: xfs_ioctl: fix information leak to userland"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]