| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1223223855.11272.104.camel@violet.holtmann.net>
Date: Sun, 05 Oct 2008 18:24:15 +0200
From: Marcel Holtmann <marcel@...tmann.org>
To: Vegard Nossum <vegard.nossum@...il.com>
Cc: Ingo Molnar <mingo@...e.hu>, Pekka Enberg <penberg@...helsinki.fi>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2.6.28] bluetooth: fix leak of uninitialized data to
userspace
Hi Vegard,
> From 45be27894a18f87b71b855fcc4afd50f860254b4 Mon Sep 17 00:00:00 2001
> From: Vegard Nossum <vegard.nossum@...il.com>
> Date: Sun, 5 Oct 2008 17:25:45 +0200
> Subject: [PATCH] bluetooth: fix leak of uninitialized data to userspace
>
> struct hci_dev_list_req {
> __u16 dev_num;
> struct hci_dev_req dev_req[0]; /* hci_dev_req structures */
> };
>
> sizeof(struct hci_dev_list_req) == 4, so the two bytes immediately
> following "dev_num" will never be initialized. When this structure
> is copied to userspace, these uninitialized bytes are leaked.
>
> Fix by using kzalloc() instead of kmalloc(). Found using kmemcheck.
good catch. I thought we moved everything over to kzalloc, but as it
seems we forgot at least one. Applied your patch to me tree. Thanks.
Regards
Marcel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists