projects
/
GitHub
/
LineageOS
/
android_kernel_samsung_universal7580.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
6d1d4ea
)
Bluetooth: l2cap: fix 1 byte infoleak to userspace
author
Vasiliy Kulikov
<segoon@openwall.com>
Thu, 10 Feb 2011 17:59:42 +0000
(20:59 +0300)
committer
Gustavo F. Padovan
<padovan@profusion.mobi>
Fri, 11 Feb 2011 17:21:29 +0000
(15:21 -0200)
Structure l2cap_options has one padding byte between max_tx and
txwin_size fields. This byte in "opts" is copied to userspace
uninitialized.
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
net/bluetooth/l2cap_sock.c
patch
|
blob
|
blame
|
history
diff --git
a/net/bluetooth/l2cap_sock.c
b/net/bluetooth/l2cap_sock.c
index adf41692daf304f2de25b74190ef0d04bc0ebfb0..21f5385ca24db79b83edb9a5427c465fb3ec7bfb 100644
(file)
--- a/
net/bluetooth/l2cap_sock.c
+++ b/
net/bluetooth/l2cap_sock.c
@@
-392,6
+392,7
@@
static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
switch (optname) {
case L2CAP_OPTIONS:
+ memset(&opts, 0, sizeof(opts));
opts.imtu = l2cap_pi(sk)->imtu;
opts.omtu = l2cap_pi(sk)->omtu;
opts.flush_to = l2cap_pi(sk)->flush_to;