releases/3.2.30/bluetooth-hci-fix-info-leak-via-getsockname.patch - pub/scm/linux/kernel/git/bwh/linux-stable-queue - Git at Google

 From: Mathias Krause <minipli@googlemail.com>
 Date: Wed, 15 Aug 2012 11:31:47 +0000
 Subject: Bluetooth: HCI - Fix info leak via getsockname()

 [ Upstream commit 3f68ba07b1da811bf383b4b701b129bfcb2e4988 ]

 The HCI code fails to initialize the hci_channel member of struct
 sockaddr_hci and that for leaks two bytes kernel stack via the
 getsockname() syscall. Initialize hci_channel with 0 to avoid the
 info leak.

 Signed-off-by: Mathias Krause <minipli@googlemail.com>
 Cc: Marcel Holtmann <marcel@holtmann.org>
 Cc: Gustavo Padovan <gustavo@padovan.org>
 Cc: Johan Hedberg <johan.hedberg@gmail.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 ---
  net/bluetooth/hci_sock.c | 1 +
  1 file changed, 1 insertion(+)

 diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
 index e4c8bc0..8361ee4 100644
 --- a/net/bluetooth/hci_sock.c
 +++ b/net/bluetooth/hci_sock.c
 @@ -388,6 +388,7 @@ static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *add
  	*addr_len = sizeof(*haddr);
  	haddr->hci_family = AF_BLUETOOTH;
  	haddr->hci_dev    = hdev->id;
 +	haddr->hci_channel= 0;

  	release_sock(sk);
  	return 0;
	From: Mathias Krause <minipli@googlemail.com>
	Date: Wed, 15 Aug 2012 11:31:47 +0000
	Subject: Bluetooth: HCI - Fix info leak via getsockname()

	[ Upstream commit 3f68ba07b1da811bf383b4b701b129bfcb2e4988 ]

	The HCI code fails to initialize the hci_channel member of struct
	sockaddr_hci and that for leaks two bytes kernel stack via the
	getsockname() syscall. Initialize hci_channel with 0 to avoid the
	info leak.

	Signed-off-by: Mathias Krause <minipli@googlemail.com>
	Cc: Marcel Holtmann <marcel@holtmann.org>
	Cc: Gustavo Padovan <gustavo@padovan.org>
	Cc: Johan Hedberg <johan.hedberg@gmail.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
	---
	net/bluetooth/hci_sock.c \| 1 +
	1 file changed, 1 insertion(+)

	diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
	index e4c8bc0..8361ee4 100644
	--- a/net/bluetooth/hci_sock.c
	+++ b/net/bluetooth/hci_sock.c
	@@ -388,6 +388,7 @@ static int hci_sock_getname(struct socket sock, struct sockaddr addr, int *add
	addr_len = sizeof(haddr);
	haddr->hci_family = AF_BLUETOOTH;
	haddr->hci_dev = hdev->id;
	+ haddr->hci_channel= 0;

	release_sock(sk);
	return 0;