Commit e15ca9a

minipli authored and davem330 committed
Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)

The HCI code fails to initialize the two padding bytes of struct hci_ufilter before copying it to userland -- that for leaking two bytes kernel stack. Add an explicit memset(0) before filling the structure to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 parent 3c0c5cf commit e15ca9a

1 file changed: +1 -0 lines changed
Diff for: net/bluetooth/hci_sock.c

@@ -1009,6 +1009,7 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname,
10091009
{
10101010
struct hci_filter *f = &hci_pi(sk)->filter;
10111011

1012+
memset(&uf, 0, sizeof(uf));
10121013
uf.type_mask = f->type_mask;
10131014
uf.opcode = f->opcode;
10141015
uf.event_mask[0] = *((u32 *) f->event_mask + 0);
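
Review bot: The memset(&uf, 0, sizeof(uf)) added at new line 1012 carries no comment, and because the lines right after it assign uf.type_mask, uf.opcode and uf.event_mask[0] field by field, a later cleanup could mistake it for a redundant initialization and drop it. Suggest a one-line comment above it stating that it clears the padding bytes of the structure before it is copied to userland, which is the reason given in the commit message. Keep it as a memset over sizeof(uf): an initializer at the declaration would set the named members but is not guaranteed to zero the padding.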
