Bluetooth: Fix leak of uninitialized data to userspace
struct hci_dev_list_req { __u16 dev_num; struct hci_dev_req dev_req[0]; /* hci_dev_req structures */ }; sizeof(struct hci_dev_list_req) == 4, so the two bytes immediately following "dev_num" will never be initialized. When this structure is copied to userspace, these uninitialized bytes are leaked. Fix by using kzalloc() instead of kmalloc(). Found using kmemcheck. Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
parent
7644d63d13
commit
c6bf514c6e
1 changed files with 1 additions and 1 deletions
@ -756,7 +756,7 @@ int hci_get_dev_list(void __user *arg)
size = sizeof(*dl) + dev_num * sizeof(*dr);
size = sizeof(*dl) + dev_num * sizeof(*dr);
if (!(dl = kmalloc(size, GFP_KERNEL)))
if (!(dl = kzalloc(size, GFP_KERNEL)))
return -ENOMEM;
return -ENOMEM;
dr = dl->dev_req;
dr = dl->dev_req;
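Review bot: The `kzalloc()` call in `hci_get_dev_list()` has no comment saying why the buffer must be zeroed, so a later cleanup could switch it back to `kmalloc()` and reintroduce the leak of the two padding bytes after `dev_num`. I would add `/* zeroed: dl is copied to userspace, padding after dev_num included */` above the allocation, and split the assignment out of the condition (`dl = kzalloc(size, GFP_KERNEL);` followed by `if (!dl)`). The `size` computation on the line above multiplies `dev_num` by `sizeof(*dr)`; whether `dev_num` is range-checked before that point is not visible in this hunk, so that is worth confirming. The function body starts and ends outside the hunk.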