Skip to content
This repository has been archived by the owner on Sep 24, 2020. It is now read-only.

Commit

Permalink
Bluetooth: L2CAP - Fix info leak via getsockname()
Browse files Browse the repository at this point in the history 
The L2CAP code fails to initialize the l2_bdaddr_type member of struct
sockaddr_l2 and the padding byte added for alignment. It that for leaks
two bytes kernel stack via the getsockname() syscall. Add an explicit
memset(0) before filling the structure to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
@minipli @davem330
minipli authored and davem330 committed Aug 16, 2012
1 parent 9344a97 commit 792039c
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/bluetooth/l2cap_sock.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,7 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l

BT_DBG("sock %p, sk %p", sock, sk);

memset(la, 0, sizeof(struct sockaddr_l2));
addr->sa_family = AF_BLUETOOTH;
*len = sizeof(struct sockaddr_l2);

Expand Down

0 comments on commit 792039c

Please sign in to comment.