Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
authorFilip Palian <s3810@pjwstk.edu.pl>
Fri, 5 Aug 2011 10:48:56 +0000 (11:48 +0100)
committerAndy Whitcroft <apw@canonical.com>
Mon, 8 Aug 2011 10:49:08 +0000 (11:49 +0100)
commit0d687f55f2c18a884fd9385c7f7362cd5a3d9a88
treeb6c792cf7e4e4c95130fd4928996c98b416c713c
parentf79f0d05d67c9f8fec7fae0415df34b06fd532ce
Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.

Structures "l2cap_conninfo" and "rfcomm_conninfo" have one padding
byte each. This byte in "cinfo" is copied to userspace uninitialized.

Signed-off-by: Filip Palian <filip.palian@pjwstk.edu.pl>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
(backported from commit 8d03e971cf403305217b8e62db3a2e5ad2d6263f)
CVE-2011-2492
BugLink: http://bugs.launchpad.net/bugs/819569
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
net/bluetooth/l2cap.c
net/bluetooth/rfcomm/sock.c