Bluetooth: bnep: fix information leak to userland Structure bnep_conninfo is copied to userland with the field "device" that has the last elements unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

commit: 5520d20f68310fc158dcbbecfd5eac5cdfc5a241 [log] [tgz]
author: Vasiliy Kulikov <segooon@gmail.com> Sat Oct 30 18:26:21 2010 +0400
committer: Gustavo F. Padovan <padovan@profusion.mobi> Wed Dec 01 21:04:35 2010 -0200
tree: 05b0f420d0634bd98e80ed58618e9b03917e08a1
parent: 127178d24c7eb2df53b1ba2b6f6f743e88178a1b [diff]
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index f10b41f..5868597 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c

@@ -648,6 +648,7 @@
 
 static void __bnep_copy_ci(struct bnep_conninfo *ci, struct bnep_session *s)
 {
+	memset(ci, 0, sizeof(*ci));
 	memcpy(ci->dst, s->eh.h_source, ETH_ALEN);
 	strcpy(ci->device, s->dev->name);
 	ci->flags = s->flags;
commit	5520d20f68310fc158dcbbecfd5eac5cdfc5a241	[log] [tgz]
author	Vasiliy Kulikov <segooon@gmail.com>	Sat Oct 30 18:26:21 2010 +0400
committer	Gustavo F. Padovan <padovan@profusion.mobi>	Wed Dec 01 21:04:35 2010 -0200
tree	05b0f420d0634bd98e80ed58618e9b03917e08a1
parent	127178d24c7eb2df53b1ba2b6f6f743e88178a1b [diff]