Bluetooth: cmtp: fix information leak to userland

Structure cmtp_conninfo is copied to userland with some padding fields unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: N Vasiliy Kulikov <segooon@gmail.com> Acked-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Gustavo F. Padovan <padovan@profusion.mobi>

Bluetooth: cmtp: fix information leak to userland
Structure cmtp_conninfo is copied to userland with some padding fields unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: N Vasiliy Kulikov <segooon@gmail.com> Acked-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Gustavo F. Padovan <padovan@profusion.mobi>
3185fbd9 · Vasiliy Kulikov · Gustavo F. Padovan · 5520d20f · 3185fbd9
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

net/bluetooth/cmtp/core.c net/bluetooth/cmtp/core.c +1 -0

未找到文件。
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -78,6 +78,7 @@ static void __cmtp_unlink_session(struct cmtp_session *session)

 static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci)
 {
+	memset(ci, 0, sizeof(*ci));
 	bacpy(&ci->bdaddr, &session->bdaddr);

 	ci->flags = session->flags;