This is a note to let you know that I've just added the patch titled
Bluetooth: L2CAP - Fix info leak via getsockname()
to the 3.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bluetooth-l2cap-fix-info-leak-via-getsockname.patch
and it can be found in the queue-3.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 5354da9f7562082e55436859380ffb5f7ff21253 Mon Sep 17 00:00:00 2001
From: Mathias Krause <[email protected]>
Date: Wed, 15 Aug 2012 11:31:51 +0000
Subject: Bluetooth: L2CAP - Fix info leak via getsockname()
From: Mathias Krause <[email protected]>
[ Upstream commit 792039c73cf176c8e39a6e8beef2c94ff46522ed ]
The L2CAP code fails to initialize the l2_bdaddr_type member of struct
sockaddr_l2 and the padding byte added for alignment. It that for leaks
two bytes kernel stack via the getsockname() syscall. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Marcel Holtmann <[email protected]>
Cc: Gustavo Padovan <[email protected]>
Cc: Johan Hedberg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/bluetooth/l2cap_sock.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -242,6 +242,7 @@ static int l2cap_sock_getname(struct soc
BT_DBG("sock %p, sk %p", sock, sk);
+ memset(la, 0, sizeof(struct sockaddr_l2));
addr->sa_family = AF_BLUETOOTH;
*len = sizeof(struct sockaddr_l2);
Patches currently in stable-queue which might be from [email protected] are
queue-3.4/ipvs-fix-info-leak-in-getsockopt-ip_vs_so_get_timeout.patch
queue-3.4/bluetooth-rfcomm-fix-info-leak-via-getsockname.patch
queue-3.4/bluetooth-hci-fix-info-leak-in-getsockopt-hci_filter.patch
queue-3.4/bluetooth-hci-fix-info-leak-via-getsockname.patch
queue-3.4/atm-fix-info-leak-in-getsockopt-so_atmpvc.patch
queue-3.4/llc-fix-info-leak-via-getsockname.patch
queue-3.4/net-fix-info-leak-in-compat-dev_ifconf.patch
queue-3.4/bluetooth-rfcomm-fix-info-leak-in-getsockopt-bt_security.patch
queue-3.4/atm-fix-info-leak-via-getsockname.patch
queue-3.4/bluetooth-l2cap-fix-info-leak-via-getsockname.patch
queue-3.4/dccp-fix-info-leak-via-getsockopt-dccp_sockopt_ccid_tx_info.patch
queue-3.4/bluetooth-rfcomm-fix-info-leak-in-ioctl-rfcommgetdevlist.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
