Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
authorFilip Palian <s3810@pjwstk.edu.pl>
Fri, 5 Aug 2011 10:48:56 +0000 (11:48 +0100)
committerHerton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Mon, 29 Aug 2011 19:23:09 +0000 (16:23 -0300)
commita7945fcdfd696463783b76e618a185541216f6be
tree790d63e245e6d6c60af0c5a45bd66bba00ce99d6
parent0c23994bcfe8f2c5a90f3cfbc452e9953fe00e17
Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.

Structures "l2cap_conninfo" and "rfcomm_conninfo" have one padding
byte each. This byte in "cinfo" is copied to userspace uninitialized.

Signed-off-by: Filip Palian <filip.palian@pjwstk.edu.pl>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
(backported from commit 8d03e971cf403305217b8e62db3a2e5ad2d6263f)
CVE-2011-2492
BugLink: http://bugs.launchpad.net/bugs/819569
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
net/bluetooth/l2cap.c
net/bluetooth/rfcomm/sock.c