OpenCloudOS-Kernel/net/bluetooth
Mathias Krause f9432c5ec8 Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST)
The RFCOMM code fails to initialize the two padding bytes of struct
rfcomm_dev_list_req inserted for alignment before copying it to
userland. Additionally there are two padding bytes in each instance of
struct rfcomm_dev_info. The ioctl() therefore discloses two bytes plus
dev_num times two bytes of uninitialized kernel heap memory.

Allocate the memory using kzalloc() to fix this issue.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-15 21:36:30 -07:00
bnep Bluetooth: Remove unnecessary headers include 2012-06-05 06:34:08 +03:00
cmtp Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
hidp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-06-28 17:37:00 -07:00
rfcomm Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) 2012-08-15 21:36:30 -07:00
Kconfig Bluetooth: Fix Kconfig help description 2012-02-29 18:50:25 +02:00
Makefile Bluetooth: A2MP: Create A2MP channel 2012-06-05 06:34:11 +03:00
a2mp.c Bluetooth: debug: Print amp_mgr refcnt 2012-07-11 10:09:37 -03:00
af_bluetooth.c Bluetooth: Fix checking the wrong flag when accepting a socket 2012-06-05 06:34:16 +03:00
hci_conn.c Bluetooth: Route traffic only through BR/EDR controller 2012-06-30 12:15:32 -03:00
hci_core.c Bluetooth: debug: Add printing num of cmds queued 2012-07-10 15:35:27 -03:00
hci_event.c Bluetooth: Set name_state to unknown when entry name is empty 2012-08-06 15:19:36 -03:00
hci_sock.c Bluetooth: HCI - Fix info leak via getsockname() 2012-08-15 21:36:30 -07:00
hci_sysfs.c Bluetooth: Remove unnecessary headers include 2012-06-05 06:34:08 +03:00
l2cap_core.c Bluetooth: Fix legacy pairing with some devices 2012-08-06 15:19:36 -03:00
l2cap_sock.c Bluetooth: Fix socket not getting freed if l2cap channel create fails 2012-08-06 15:19:37 -03:00
lib.c Bluetooth: Remove unnecessary headers include 2012-06-05 06:34:08 +03:00
mgmt.c Bluetooth: Change page scan interval in fast connectable mode 2012-07-16 10:50:11 -03:00
sco.c Bluetooth: Fix possible deadlock in SCO code 2012-08-06 15:19:36 -03:00
smp.c Bluetooth: smp: Fix possible NULL dereference 2012-08-06 15:19:37 -03:00