Bluetooth: cmtp: fix information leak to userland Structure cmtp_conninfo is copied to userland with some padding fields unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

commit: 3185fbd9d7bb166992f072440b3329f58bf2c60a [log] [tgz]
author: Vasiliy Kulikov <segooon@gmail.com> Sat Oct 30 18:26:26 2010 +0400
committer: Gustavo F. Padovan <padovan@profusion.mobi> Wed Dec 01 21:04:35 2010 -0200
tree: 30f70ab76f2053f678d39dff3852a4ea0186825e
parent: 5520d20f68310fc158dcbbecfd5eac5cdfc5a241 [diff] [blame]
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index ec0a134..8e5f292 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c

@@ -78,6 +78,7 @@
 
 static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci)
 {
+	memset(ci, 0, sizeof(*ci));
 	bacpy(&ci->bdaddr, &session->bdaddr);
 
 	ci->flags = session->flags;
commit	3185fbd9d7bb166992f072440b3329f58bf2c60a	[log] [tgz]
author	Vasiliy Kulikov <segooon@gmail.com>	Sat Oct 30 18:26:26 2010 +0400
committer	Gustavo F. Padovan <padovan@profusion.mobi>	Wed Dec 01 21:04:35 2010 -0200
tree	30f70ab76f2053f678d39dff3852a4ea0186825e
parent	5520d20f68310fc158dcbbecfd5eac5cdfc5a241 [diff] [blame]