1
linux/net
Vegard Nossum c6bf514c6e Bluetooth: Fix leak of uninitialized data to userspace
struct hci_dev_list_req {
            __u16  dev_num;
            struct hci_dev_req dev_req[0];  /* hci_dev_req structures */
    };

sizeof(struct hci_dev_list_req) == 4, so the two bytes immediately
following "dev_num" will never be initialized. When this structure
is copied to userspace, these uninitialized bytes are leaked.

Fix by using kzalloc() instead of kmalloc(). Found using kmemcheck.

Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-11-30 12:17:19 +01:00
..
9p net: remove redundant argument comments 2008-11-21 17:15:03 -08:00
802 hippi: convert driver to net_device_ops 2008-11-20 20:32:15 -08:00
8021q vlan: convert to net_device_ops 2008-11-19 22:42:41 -08:00
appletalk netdevice: safe convert to netdev_priv() #part-4 2008-11-12 23:39:10 -08:00
atm netdevice: safe convert to netdev_priv() #part-4 2008-11-12 23:39:10 -08:00
ax25 ax25: fix warning in net/ax25/sysctl_net_ax25.c 2008-11-25 16:58:19 -08:00
bluetooth Bluetooth: Fix leak of uninitialized data to userspace 2008-11-30 12:17:19 +01:00
bridge Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2008-11-28 02:19:15 -08:00
can
core Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-11-26 23:48:40 -08:00
dcb DCB: fix kconfig option 2008-11-25 01:02:08 -08:00
dccp net: Use a percpu_counter for orphan_count 2008-11-25 21:17:14 -08:00
decnet decnet: remove private wrappers of endian helpers 2008-11-27 00:12:47 -08:00
dsa dsa: fix warning in net/dsa/mv88e6060.c 2008-11-25 16:51:13 -08:00
econet
ethernet eth: Declare an optimized compare_ether_addr_64bits() function 2008-11-23 23:24:32 -08:00
ipv4 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2008-11-28 02:19:15 -08:00
ipv6 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2008-11-28 02:19:15 -08:00
ipx
irda netdevice: safe convert to netdev_priv() #part-4 2008-11-12 23:39:10 -08:00
iucv
key netns PF_KEY: per-netns /proc/pfkey 2008-11-25 17:59:00 -08:00
lapb
llc net: remove redundant argument comments 2008-11-21 17:15:03 -08:00
mac80211 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-11-26 23:48:40 -08:00
netfilter Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2008-11-28 02:19:15 -08:00
netlabel net: remove redundant argument comments 2008-11-21 17:15:03 -08:00
netlink netlink: allow empty nested attributes 2008-11-28 03:05:19 -08:00
netrom
packet net: Make sure BHs are disabled in sock_prot_inuse_add() 2008-11-24 00:09:29 -08:00
phonet Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-11-20 16:44:00 -08:00
rfkill rfkill: always call get_state() hook on resume 2008-11-26 09:47:44 -05:00
rose Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-11-26 23:48:40 -08:00
rxrpc
sched pkt_sched: fix sparse warning 2008-11-28 03:06:46 -08:00
sctp sctp: fix missing label when PROC_FS=n 2008-11-27 15:30:53 -08:00
sunrpc sunrpc: fix warning in net/sunrpc/xprtrdma/verbs.c 2008-11-25 16:58:42 -08:00
tipc tipc: trivial endian annotation in debug statement 2008-11-07 23:37:50 -08:00
unix net: Use a percpu_counter for sockets_allocated 2008-11-25 21:16:35 -08:00
wanrouter netdevice wanrouter: Convert directly reference of netdev->priv 2008-11-20 04:26:21 -08:00
wireless nl80211: Change max TX power to be in mBm instead of dBm 2008-11-26 09:47:48 -05:00
x25
xfrm netns xfrm: per-netns sysctls 2008-11-25 18:00:48 -08:00
compat.c reintroduce accept4 2008-11-19 18:49:57 -08:00
Kconfig net/ieee80211 -> drivers/net/ipw2x00/libipw_* rename 2008-11-21 11:08:18 -05:00
Makefile DCB: fix kconfig option 2008-11-25 01:02:08 -08:00
nonet.c
socket.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-11-20 16:44:00 -08:00
sysctl_net.c
TUNABLE