mirror of
https://github.com/torvalds/linux.git
synced 2025-12-07 20:06:24 +00:00
0878b6667f
The L2CAP and HCI setsockopt() implementations have a small information leak that makes it possible to leak kernel stack memory to userspace. If the optlen parameter is 0, no data will be copied by copy_from_user(), but the uninitialized stack buffer will be read and stored later. A call to getsockopt() can now retrieve the leaked information. To fix this problem the stack buffer given to copy_from_user() must be initialized with the current settings. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
49 KiB
49 KiB