0878b6667f28772aa7d6b735abff53efc7bf6d91 - arm/linux

commit	0878b6667f28772aa7d6b735abff53efc7bf6d91	[log] [tgz]
author	Marcel Holtmann <marcel@holtmann.org>	Sat May 05 00:35:59 2007 +0200
committer	Marcel Holtmann <marcel@holtmann.org>	Sat May 05 00:35:59 2007 +0200
tree	5a1dbfb35f679335fbec4cbd17dfe64926db7750
parent	dc87c3985e9b442c60994308a96f887579addc39 [diff]

[Bluetooth] Fix L2CAP and HCI setsockopt() information leaks

The L2CAP and HCI setsockopt() implementations have a small information
leak that makes it possible to leak kernel stack memory to userspace.

If the optlen parameter is 0, no data will be copied by copy_from_user(),
but the uninitialized stack buffer will be read and stored later. A call
to getsockopt() can now retrieve the leaked information.

To fix this problem the stack buffer given to copy_from_user() must be
initialized with the current settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

net/bluetooth/hci_sock.c[diff]
net/bluetooth/l2cap.c[diff]

2 files changed

tree: 5a1dbfb35f679335fbec4cbd17dfe64926db7750

arch/
block/
crypto/
Documentation/
drivers/
fs/
include/
init/
ipc/
kernel/
lib/
mm/
net/
scripts/
security/
sound/
usr/
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
MAINTAINERS
Makefile
README
REPORTING-BUGS