Message ID | 1288448787-5848-1-git-send-email-segooon@gmail.com |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |

Hi Vasiliy,

> Structure cmtp_conninfo is copied to userland with some padding fields
> uninitialized. It leads to leaking of contents of kernel stack memory.
>
> Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>

Acked-by: Marcel Holtmann <marcel@holtmann.org>

Regards

Marcel

* Marcel Holtmann <marcel@holtmann.org> [2010-11-02 16:35:58 +0100]:

> Hi Vasiliy,
>
> > Structure cmtp_conninfo is copied to userland with some padding fields
> > uninitialized. It leads to leaking of contents of kernel stack memory.
> >
> > Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
>
> Acked-by: Marcel Holtmann <marcel@holtmann.org>

Applied, thanks.

diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c index ec0a134..8e5f292 100644 --- a/net/bluetooth/cmtp/core.c +++ b/net/bluetooth/cmtp/core.c @@ -78,6 +78,7 @@ static void __cmtp_unlink_session(struct cmtp_session *session) static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci) { + memset(ci, 0, sizeof(*ci)); bacpy(&ci->bdaddr, &session->bdaddr); ci->flags = session->flags;
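
Review bot: In `__cmtp_copy_session()`, the new `memset(ci, 0, sizeof(*ci));` sits directly above assignments to `ci->bdaddr` and `ci->flags`, so without a comment it reads as redundant and is an easy target for a later cleanup. Suggest a one-line comment above it stating that the structure is copied to userland and that the memset is what clears its padding. The changelog could also name which padding fields were left uninitialized.
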
Structure cmtp_conninfo is copied to userland with some padding fields
uninitialized. It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>

---
 Compile tested.

 net/bluetooth/cmtp/core.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
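
The leak described in the commit message, reproduced in userspace as an added example (not code from the patch or the kernel). `struct demo_conninfo`, its field layout, the helper names and the 0xAA poison value are assumptions made for the demo; it counts how many stale bytes survive a field-by-field fill with and without the leading `memset`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a conninfo-style struct; the layout is an
 * assumption for this demo, not the kernel's definition. */
struct demo_conninfo {
    uint8_t  addr[6];   /* 6-byte device address */
    uint32_t flags;     /* alignment inserts padding before this field */
    uint16_t state;
    int32_t  num;       /* and again before this one */
};

#define POISON 0xAA     /* stands in for stale stack contents */

/* Field-by-field copy, optionally zeroing the whole struct first. */
static void fill(struct demo_conninfo *ci, int zero_first)
{
    static const uint8_t addr[6] = { 1, 2, 3, 4, 5, 6 };
    if (zero_first)
        memset(ci, 0, sizeof(*ci));
    memcpy(ci->addr, addr, sizeof(addr));
    ci->flags = 0x11111111;
    ci->state = 0x2222;
    ci->num   = 0x33333333;
}

/* Called through a volatile pointer so the compiler cannot inline fill()
 * and must keep the struct, padding included, in memory. */
static void (*volatile fill_fn)(struct demo_conninfo *, int) = fill;

/* Poison the struct, fill it, copy it out wholesale (as a copy to
 * userland would) and count the poison bytes that made it into the copy. */
static size_t stale_bytes(int zero_first)
{
    struct demo_conninfo ci;
    unsigned char out[sizeof(ci)];
    size_t i, n = 0;
    memset(&ci, POISON, sizeof(ci));
    fill_fn(&ci, zero_first);
    memcpy(out, &ci, sizeof(ci));
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == POISON);
    return n;
}

int main(void)
{
    printf("without memset: %zu stale bytes\n", stale_bytes(0));
    printf("with memset:    %zu stale bytes\n", stale_bytes(1));
    return 0;
}
```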