Bluetooth: HCI - Fix info leak via getsockname()
The HCI code fails to initialize the hci_channel member of struct sockaddr_hci and therefore leaks two bytes of kernel stack via the getsockname() syscall. Initialize hci_channel with 0 to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Parent: e15ca9a0ef
Commit: 3f68ba07b1
|
@ -694,6 +694,7 @@ static int hci_sock_getname(struct socket *sock, struct sockaddr *addr,
|
||||||
*addr_len = sizeof(*haddr);
|
*addr_len = sizeof(*haddr);
|
||||||
haddr->hci_family = AF_BLUETOOTH;
|
haddr->hci_family = AF_BLUETOOTH;
|
||||||
haddr->hci_dev = hdev->id;
|
haddr->hci_dev = hdev->id;
|
||||||
|
haddr->hci_channel= 0;
|
||||||
|
|
||||||
release_sock(sk);
|
release_sock(sk);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
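Review bot: at the added `haddr->hci_channel= 0;`, the fix initializes one more field by hand, so the same kind of leak comes back if struct sockaddr_hci ever gains another member or padding. Zeroing the whole structure before filling it in, for example memset(haddr, 0, sizeof(*haddr)) ahead of the hci_family assignment, would cover that case as well. A constant 0 also means getsockname() reports channel 0 whatever the socket state; if a socket can be bound to a non-zero channel, returning the bound value would be more accurate than a literal. Style nit: the assignment needs a space before `=` to match the two lines above it.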