Message ID | YuErMEjse5lgAMO3@kili |
---|---|
State | New |
Headers | show
Return-Path: <linux-bluetooth-owner@kernel.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32713C3F6B0 for <linux-bluetooth@archiver.kernel.org>; Wed, 27 Jul 2022 12:10:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232733AbiG0MKp (ORCPT <rfc822;linux-bluetooth@archiver.kernel.org>); Wed, 27 Jul 2022 08:10:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55482 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232160AbiG0MKm (ORCPT <rfc822;linux-bluetooth@vger.kernel.org>); Wed, 27 Jul 2022 08:10:42 -0400 Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 612A323BCE; Wed, 27 Jul 2022 05:10:39 -0700 (PDT) Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 26RAA2LY010359; Wed, 27 Jul 2022 12:10:36 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : content-type : in-reply-to : mime-version; s=corp-2022-7-12; bh=qwufezThziH4vemZu2PBSKmMwCVobasDhEymouxYAbk=; b=Wp8jbX5yEe/yVt3PZz3ftw0N0REii80WNTNR4Pss0u9zFex5M1reUA/OFbyl/Q57saeA 5AvfsWOTq7ACUQH1UFqK8W3wKlHJV3qH3lVZfTbHzJHgCLgE76Zw9Nx91mskT56J9aRF i2CVDFHta5h/+NkgkzDClVVUptIXVnhPhA9DInUP14xQ5c8V8Cn+qhXYAboFPj5AxA7N FWMnvyn6aXtmaU/4lJAuDriLoSaL1YcurUhckuqMhHjFiTRpH4DJK4qauqB1edva3KXg guvAE/de1i02uEzPNqksPHRoa5Tu/WB4DLaezeHwTB42yQYSyvqmOKsidSS+qcQS01Nz TA== Received: from iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta01.appoci.oracle.com [130.35.100.223]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3hg9a9hcm5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 27 Jul 2022 12:10:36 +0000 Received: from pps.filterd (iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 26RAhL5h034503; Wed, 27 Jul 2022 12:10:35 GMT Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2046.outbound.protection.outlook.com [104.47.66.46]) by iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3hh6346ttq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 27 Jul 2022 12:10:35 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ENwiLcDGJivFXrRyf1tVfgyPPIn22QMZDyt2vprcXxoIWjcWnz4ohFIjkYr/We6nS6TYElRQbxjYR0B+Ve1hj2XU2k1L5D8/TKP7QUX1oZSn3GeZmShSWbfIhndoyFG2KgIT6PRZkA5GWRYMUuJmtak1QKAiHK4xUdmABynKYYKAJiWOLC05QdrjYWLrkcriO+lBFKLqdAbDbS+qSztGDitXlAeoNEIX4tEAiQYLbI/DZ0ckpZKyNbp0EF4tkkfxo2h7Sor41YjwXiUDZ+86sqvQ2YkgkU4J/6rACGcLqkdbvkUIXLl/cnsFGTG/xiNyK5l4IhSA3bmniwM8KkqGFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qwufezThziH4vemZu2PBSKmMwCVobasDhEymouxYAbk=; b=NSWZXRrjl4ixWvHyZsRcN4y/dPoX4lfGuwdmolctb7xfDHiJqqW0RJZJJH2FwmzFVRJgTbd0K4eaxFuHkvv0yx7RI/KTaz11NZbzwmrJFhm01Rh/1WNSsj2uDrg/Tny8nO6TMwPyGRE283MpDYYAWyGVYhPhJLEjRel0vBU7RJsADnaRrw+QMqmVyGWt3yadU6GJFtTBfG4APnLdXUpdZPT46ecIB7S1cAK7yHdytbBmAQ5K6sgCUNl/CJDDw6pU3BJ0kvsWzHUX2+VoVAWu09VHE0B8uYcGeiiopu4wdMhmRt4dm6JqV3Lyl06kYGT6JWmEcekqAFkCxxnDGzwE2g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qwufezThziH4vemZu2PBSKmMwCVobasDhEymouxYAbk=; b=vbEqaTwnkroPbDQXhq4UmtGgTlk+0bJISEEE68mANBFK99GnSj7+CaBL0bKqZqzggFQ8Y6HlgCLK1Ae8fAR/H+ebrMbe54WKV6Ro4iW66soU2EJfHjuO50YzjZsRX8JaUzi9sQvZt2YUuQbt7Gr61/VVLOLXuBCr8pLMUmrTfRM= Received: from CY4PR1001MB2358.namprd10.prod.outlook.com (2603:10b6:910:4a::32) by BYAPR10MB3205.namprd10.prod.outlook.com (2603:10b6:a03:14d::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5482.6; Wed, 27 Jul 2022 12:10:33 +0000 Received: from CY4PR1001MB2358.namprd10.prod.outlook.com ([fe80::eccc:6ecd:41f7:ed02]) by CY4PR1001MB2358.namprd10.prod.outlook.com ([fe80::eccc:6ecd:41f7:ed02%5]) with mapi id 15.20.5458.024; Wed, 27 Jul 2022 12:10:33 +0000 Date: Wed, 27 Jul 2022 15:10:24 +0300 From: Dan Carpenter <dan.carpenter@oracle.com> To: Marcel Holtmann <marcel@holtmann.org> Cc: Johan Hedberg <johan.hedberg@gmail.com>, Luiz Augusto von Dentz <luiz.dentz@gmail.com>, linux-bluetooth@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH 2/2] Bluetooth: ISO: fix info leak in iso_sock_getsockopt() Message-ID: <YuErMEjse5lgAMO3@kili> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <YuEq2Aey0VOrxPB+@kili> X-Mailer: git-send-email haha only kidding X-ClientProxiedBy: ZR0P278CA0151.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:41::12) To CY4PR1001MB2358.namprd10.prod.outlook.com (2603:10b6:910:4a::32) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c8169027-a0ff-4796-b669-08da6fc90178 X-MS-TrafficTypeDiagnostic: BYAPR10MB3205:EE_ X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: z3ZP3Cdvesvzk3h4w6z404h1mlRs/5/IVgEsWRcQXvM/bO90b9aBXAZuUvyFnOP3LYsehBgyk567staKAacqwoj6g0TsnAk1OGhs7IZCWJodGW+ZBOkQQSX0gILDb47E3ITHjUmUPe4374u0RpvIM9wo10uyUt4AtFr8cPF+zZHLoTBmMpL7X4VZRt0QBh50LQu3OE/RuCWvA+HkXj2jPEcRr7TJ7k8S9wnOof227yHQwOPBe0nNTAu56QzRq0K2r9pYMEF4uFYCjbkS2wSqsQTje09gKoJcVLSpqGkCM4y1P8TV8QhPmkXWfjSiRDTIgFWLHibu4MgQkWEysgbRwuTdVj+Nnj2huciXh7miUuQwyrdrtRoDaIRXFJ85sOn5HQXlIZ7AC9sX6V9MRR3l6SMNkzCNRorQZRg3+g9cgTuYnrYRTjzHYbCTVovYNJtW9MVRKBLDnveXW1iGrl2JMHyZxEypKgL3zLYv6q91PS0mzNZ3GiwPZ9bxzrD1HM1m2fMs/NVKd1biE7Dq5cGuu5l9N+9yXD1ATBqKeNzC5r+2nA/SJ5EgwxTLxHpKNnKyF5QqVogDwhNp2DFtYZzo9Hqzm+HJa3jEe1oPe2vcoE48JUpdAurUk56S/FOhNLsFWbDuUhDMKQ/vcl+UT23jgfdZU5uTzQtgQKo0fRZ7+dl6n1N+KNa/Re7Yqgq6ioNrcL38pOgAEKq7OylFYJsmcigxkM3btKapLsJsMH+5lu7B/VR7KfTyZko8Nywf8dVcFC5i1ddGFiWsejwr1W3pFx7l/whLJHK/swxP/h29MczXGrB0/K37VJP7XHdpSH2N X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR1001MB2358.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230016)(7916004)(39860400002)(366004)(136003)(396003)(346002)(376002)(52116002)(6916009)(54906003)(86362001)(6486002)(478600001)(8936002)(41300700001)(26005)(6512007)(9686003)(6506007)(6666004)(186003)(38350700002)(2906002)(83380400001)(38100700002)(33716001)(66556008)(4326008)(316002)(8676002)(66476007)(66946007)(44832011)(5660300002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: XYiVWXWOnincdodNeYMJxkS5niOZ6jv2QEeglkRGzXMbC4wg6USNKWfiX4j0fijaHuDXUf02nYmqrdaqwjnUSxtRjoutiXk9s61r9jSpZ983X+uDybphh5fxvdffI8HQBy/OEVSO40aSEwU9g+eV3TyVYseOvyEtRv9mr5DqJ9VEw1TeDrfCiaOmx1an8YZpVNKvZsBTt4sXbVyqJZLH+QklsS7EZmkRfdhm/SpzGjOpAih2M4MSBnc5iDwhtWrVMSiOthVxjAeYi4aT+OXpDNiFcszGBszBY6oYUBIL/fyxcU9LHFLzwqR2WaL80y1W0IOg2583bvdaOUiStWx5224VWiSt6KEwKJz/ZEqEW2/9aN6PIia2C5obAThyenQr+fPianNOXjARseZ+oh/uX+CH8CQft/gU9VUqKx09U45JcVZNDxfS+4QyTwSASMxjVM+gCXp2fYlicqAAgV1Knf6a4mfljJCmba7mkW1rb5uVxIfHhpFMkT12eF4y3b5GnDwqg2GfGdN8TjxNa0yqlPaHbLl40+LwnTuw0sl0mpK7mExcNZVswQunIgKmPFfZCSRGLQZiLRFva3DJRM0lDiKbDEWpfXWMXTdOksO5r0mNoGS4XX9YucJ9Zr00Di8cbpqSfHlQdwQapi7cnUliK+UL3LFlhWAYN5vD1SBxxwr1JsoCq+DOXc8XqRJfTVr6jcksF9viOjleigcDaSb/aOb5GZYIWmsIMr/jumDaGjmgjeYo1Qid9+SkCFobeG/R5hVp+bU6TKrYNXHS9kdAx2Al2Tzdn+MKAMDezAK9sGjyEwD8hxlXHg7s7IDGPcGPUBaliyOjcRuMrDPQIk29MCL+iyABjSZAi4txyt4+vD7s2dwyNHayD6v9hjydDBJDXrkzjfqvKy7LId/1o+zOqGYSfX72L0pKfpyGLoRp+JKtsVFskf1BJJL/ee3Gy/t3z85Zey0i2xGDRc8bdyx0y4IISn8Mzy+w8PPzhqjBILvygqBWD40GVf5kSnzSxEhcojh6B0ze+knsDF+TQOlPLHKxxibMRgbMOQXc31QjLNbccNLJZ2/x/gkUMaOr7t+ij48r/iy4svL4i8Aeh1cWVqTeUoorynGxI3CeI+45QYIYHiLgMVNqS1tV6UJfSwYAtnVpNnEnZ5r/qBxJ5kzHVWCvWN8S8fvo5i2qC3o3JTSQzGDn9epVYI7sS3bGg8aOItAFFbwflM8P5vUfalI1Et+/qhdUMs2LOHs/BOVT0RMcdkBEfPQimq8MF/n1eq94MMQKG4x0fyO3AYWaXRElU1PbSzqKYc7VPQQXWtwd29pDuisBFkJW0JlsOcF0leKaV2/WRA80/Q7SE6Efwk/fS2EUpzxQtm1rhkNflxEItkHyl/lnrkTigocnF0hNiG5BmOI1M9qoj6axj5A52xZldwGV/6brz0/buJmQdcJkbxBtkFR9yT53/HzfBTVDLe6DauApH5lda0gKW7ObyONmvt0GZ7fZsCo4vx3Yi6e+A0LML0jM9dMTYT0fiMZWoNFAdFkZT9LFPSP7+2qECw20CLSmx276MNv2nNGaolpK0JjuG+YmOdEemlrvxQfgxpJJkbMmsv40EoA1TaapCCS4Fw== X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: c8169027-a0ff-4796-b669-08da6fc90178 X-MS-Exchange-CrossTenant-AuthSource: CY4PR1001MB2358.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2022 12:10:33.4987 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: t9R0nrwVCiaTEeSWH9V/WwcwSEoCRkkoNNS6BND9MW0cOme1JukdvFQlXKCVRo09iOYnNDeAwex/BubVyWZl4tGCDwog2aT2lJXYpWOWQG4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR10MB3205 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-27_03,2022-07-27_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 bulkscore=0 malwarescore=0 adultscore=0 mlxscore=0 mlxlogscore=999 suspectscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2207270051 X-Proofpoint-GUID: u_Nqr9-Gr2Zvc9kkZQvC_8cYKvkeMBh4 X-Proofpoint-ORIG-GUID: u_Nqr9-Gr2Zvc9kkZQvC_8cYKvkeMBh4 Precedence: bulk List-ID: <linux-bluetooth.vger.kernel.org> X-Mailing-List: linux-bluetooth@vger.kernel.org |
Series |
[1/2] Bluetooth: ISO: unlock on error path in iso_sock_setsockopt()
|
expand
|
diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index 19d003727b50..c982087d3b52 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -1235,7 +1235,7 @@ static int iso_sock_getsockopt(struct socket *sock, int level, int optname, { struct sock *sk = sock->sk; int len, err = 0; - struct bt_iso_qos qos; + struct bt_iso_qos qos = {}; /* zero out struct holes */ u8 base_len; u8 *base;
The "qos" struct has holes after the in and out struct members. Zero out those holes to prevent leaking stack information. The C standard rules for when struct holes are zeroed out are slightly weird. The existing assignments might initialize everything, but GCC is allowed to (and does sometimes) leave the struct holes uninitialized. However, when you have a struct initializer that doesn't initialize every member then the holes must be zeroed. Fixes: ccf74f2390d6 ("Bluetooth: Add BTPROTO_ISO socket type") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- net/bluetooth/iso.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)