Bluetooth: bnep: fix information leak to userland

Structure bnep_conninfo is copied to userland with the field "device" that has the last elements unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

Bluetooth: bnep: fix information leak to userland
Structure bnep_conninfo is copied to userland with the field "device" that has the last elements unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
5520d20f · Vasiliy Kulikov · Gustavo F. Padovan · 127178d2 · 5520d20f
Commit 5520d20f authored Oct 30, 2010 by Vasiliy Kulikov Committed by Gustavo F. Padovan Dec 01, 2010
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

net/bluetooth/bnep/core.c net/bluetooth/bnep/core.c +1 -0

No files found.
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -648,6 +648,7 @@ int bnep_del_connection(struct bnep_conndel_req *req)

 static void __bnep_copy_ci(struct bnep_conninfo *ci, struct bnep_session *s)
 {
+	memset(ci, 0, sizeof(*ci));
 	memcpy(ci->dst, s->eh.h_source, ETH_ALEN);
 	strcpy(ci->device, s->dev->name);
 	ci->flags = s->flags;