| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 May 2011 18:31:32 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: Filip Palian <s3810@...stk.edu.pl>
Cc: Marcel Holtmann <marcel@...tmann.org>,
"Gustavo F. Padovan" <padovan@...fusion.mobi>,
"David S. Miller" <davem@...emloft.net>,
linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, security@...nel.org
Subject: Re: [oss-security] Bluetooth: l2cap and rfcomm: fix 1 byte
infoleak to userspace.
On Sun, May 08, 2011 at 21:57 +0200, Filip Palian wrote:
> Structures "l2cap_conninfo" and "rfcomm_conninfo" have one padding
> byte each. This byte in "cinfo" is copied to userspace uninitialized.
Your mail client mangles the patch, it should contain original
identation tabs, not spaces. Please see Documentation/email-clients.txt.
> patch no.1:
Don't send 2 patches as one email. Either send 2 email or merge them
into one patch (if they are similar changes). You'll ease maintainers'
work.
> Found by Marek Kroemeke and Filip Palian.
Please see Documentation/SubmittingPatches, chapter 12 to find out how
to sign the patch.
And please don't crosspost to oss-security and LKML - send a separate
email to o-s with a short description of a bug and a link to the LKML
thread. LKML thread is a place to argue and discuss the solution, but
o-s subscribers are probably not interested in such a discussion.
Thanks,
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists