Bluetooth: bnep: fix information leak to userland

Structure bnep_conninfo is copied to userland with the field "device"
that has the last elements unitialized.  It leads to leaking of
contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index f10b41fb05a0e1cd51ebae02320f755c249ef0a3..5868597534e529b4c33d1e603cbe38bed740a4ad 100644 (file)
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -648,6 +648,7 @@ int bnep_del_connection(struct bnep_conndel_req *req)
 
 static void __bnep_copy_ci(struct bnep_conninfo *ci, struct bnep_session *s)
 {
+       memset(ci, 0, sizeof(*ci));
        memcpy(ci->dst, s->eh.h_source, ETH_ALEN);
        strcpy(ci->device, s->dev->name);
        ci->flags = s->flags;