Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-11 14:42:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bluetooth: Fix leak of uninitialized data to userspace

Browse Source 
struct hci_dev_list_req {
            __u16  dev_num;
            struct hci_dev_req dev_req[0];  /* hci_dev_req structures */
    };

sizeof(struct hci_dev_list_req) == 4, so the two bytes immediately
following "dev_num" will never be initialized. When this structure
is copied to userspace, these uninitialized bytes are leaked.

Fix by using kzalloc() instead of kmalloc(). Found using kmemcheck.

Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This commit is contained in:
Vegard Nossum 2008-11-30 12:17:19 +01:00 committed by Marcel Holtmann
parent 7644d63d13
commit c6bf514c6e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/bluetooth/hci_core.c
View File

@ -756,7 +756,7 @@ int hci_get_dev_list(void __user *arg)
size = sizeof(*dl) + dev_num * sizeof(*dr);
if (!(dl = kmalloc(size, GFP_KERNEL)))
if (!(dl = kzalloc(size, GFP_KERNEL)))
return -ENOMEM;
dr = dl->dev_req;