lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0878b6667f
android_kernel_xiaomi_sm8350/net/bluetooth
History
Marcel Holtmann 0878b6667f [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks 
The L2CAP and HCI setsockopt() implementations have a small information
leak that makes it possible to leak kernel stack memory to userspace.

If the optlen parameter is 0, no data will be copied by copy_from_user(),
but the uninitialized stack buffer will be read and stored later. A call
to getsockopt() can now retrieve the leaked information.

To fix this problem the stack buffer given to copy_from_user() must be
initialized with the current settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-05 00:35:59 +02:00
..
bnep [SK_BUFF]: Introduce skb_copy_from_linear_data{_offset} 2007-04-25 22:28:23 -07:00
cmtp [SK_BUFF]: Introduce skb_copy_from_linear_data{_offset} 2007-04-25 22:28:23 -07:00
hidp [PATCH] bluetooth hid quirks: mightymouse quirk 2007-03-29 08:22:24 -07:00
rfcomm [BLUETOOTH] rfcomm_worker(): fix wakeup race 2007-04-26 01:41:01 -07:00
af_bluetooth.c [SK_BUFF]: Introduce skb_reset_transport_header(skb) 2007-04-25 22:25:15 -07:00
hci_conn.c [NET] BLUETOOTH: Use cpu_to_le{16,32}() where appropriate. 2007-04-25 22:23:54 -07:00
hci_core.c [NET]: cleanup extra semicolons 2007-04-25 22:29:24 -07:00
hci_event.c [NET] BLUETOOTH: Use cpu_to_le{16,32}() where appropriate. 2007-04-25 22:23:54 -07:00
hci_sock.c [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks 2007-05-05 00:35:59 +02:00
hci_sysfs.c
Kconfig
l2cap.c [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks 2007-05-05 00:35:59 +02:00
lib.c [NET] BLUETOOTH: Fix whitespace errors. 2007-02-10 23:19:20 -08:00
Makefile
sco.c [NET]: cleanup extra semicolons 2007-04-25 22:29:24 -07:00