diff options
author | Marcel Holtmann <marcel@holtmann.org> | 2007-05-05 00:35:59 +0200 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2007-05-05 00:35:59 +0200 |
commit | 0878b6667f28772aa7d6b735abff53efc7bf6d91 (patch) | |
tree | 5a1dbfb35f679335fbec4cbd17dfe64926db7750 /fs/cifs/asn1.c | |
parent | dc87c3985e9b442c60994308a96f887579addc39 (diff) |
[Bluetooth] Fix L2CAP and HCI setsockopt() information leaks
The L2CAP and HCI setsockopt() implementations have a small information
leak that makes it possible to leak kernel stack memory to userspace.
If the optlen parameter is 0, no data will be copied by copy_from_user(),
but the uninitialized stack buffer will be read and stored later. A call
to getsockopt() can now retrieve the leaked information.
To fix this problem the stack buffer given to copy_from_user() must be
initialized with the current settings.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'fs/cifs/asn1.c')
0 files changed, 0 insertions, 0 deletions