Bluetooth: cmtp: fix information leak to userland

Structure cmtp_conninfo is copied to userland with some padding fields unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>

Bluetooth: cmtp: fix information leak to userland
Structure cmtp_conninfo is copied to userland with some padding fields unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
3185fbd9 · Vasiliy Kulikov · Gustavo F. Padovan · 5520d20f · 3185fbd9
Commit 3185fbd9 authored Oct 30, 2010 by Vasiliy Kulikov Committed by Gustavo F. Padovan Dec 01, 2010
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

net/bluetooth/cmtp/core.c net/bluetooth/cmtp/core.c +1 -0

No files found.
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -78,6 +78,7 @@ static void __cmtp_unlink_session(struct cmtp_session *session)

 static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci)
 {
+	memset(ci, 0, sizeof(*ci));
 	bacpy(&ci->bdaddr, &session->bdaddr);

 	ci->flags = session->flags;