Searched hist:c6bf514c (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/net/bluetooth/ |
H A D | hci_core.c | c6bf514c Sun Nov 30 05:17:19 CST 2008 Vegard Nossum <vegard.nossum@gmail.com> Bluetooth: Fix leak of uninitialized data to userspace
struct hci_dev_list_req { __u16 dev_num; struct hci_dev_req dev_req[0]; /* hci_dev_req structures */ };
sizeof(struct hci_dev_list_req) == 4, so the two bytes immediately following "dev_num" will never be initialized. When this structure is copied to userspace, these uninitialized bytes are leaked.
Fix by using kzalloc() instead of kmalloc(). Found using kmemcheck.
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> c6bf514c Sun Nov 30 05:17:19 CST 2008 Vegard Nossum <vegard.nossum@gmail.com> Bluetooth: Fix leak of uninitialized data to userspace struct hci_dev_list_req { __u16 dev_num; struct hci_dev_req dev_req[0]; /* hci_dev_req structures */ }; sizeof(struct hci_dev_list_req) == 4, so the two bytes immediately following "dev_num" will never be initialized. When this structure is copied to userspace, these uninitialized bytes are leaked. Fix by using kzalloc() instead of kmalloc(). Found using kmemcheck. Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|