Bluetooth patches for 2.6.21-rc7

Wed, 25 Apr 2007 16:32:08 -0700 

Hi Dave,

I have two last minute patches before the final 2.6.21 kernel hits the
streets. One is a kernel memory leak that has been classified as
security issue. The second one is a sysfs fix to correct a wrong use of
class and bus devices.

Regards

Marcel


Please pull from

        git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6.git

This will update the following files:

 net/bluetooth/hci_sock.c  |    9 +++++++++
 net/bluetooth/hci_sysfs.c |    9 ++++++++-
 net/bluetooth/l2cap.c     |    6 ++++++
 3 files changed, 23 insertions(+), 1 deletion(-)

through these ChangeSets:

Commit: 9457de6253a222a8c340b0442fb63c172069d962 
Author: Marcel Holtmann <[EMAIL PROTECTED]> Wed, 25 Apr 2007 22:38:39 +0200 

    [Bluetooth] Attach host adapters to the Bluetooth bus
    
    The Bluetooth host adapters are attached to the Bluetooth class and the
    low-level connections are children of these class devices. Having class
    devices as parent of bus devices breaks a lot of reasonable assumptions
    about sysfs. The host adapters should be attached to the Bluetooth bus
    to simplify the dependency resolving. For compatibility an additional
    symlink from the Bluetooth class will be used.
    
    Signed-off-by: Marcel Holtmann <[EMAIL PROTECTED]>

Commit: 32f1cf0a4643018f8473065d645dbc6b5772e93c 
Author: Marcel Holtmann <[EMAIL PROTECTED]> Wed, 25 Apr 2007 22:38:34 +0200 

    [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks
    
    The L2CAP and HCI setsockopt() implementations have a small information
    leak that makes it possible to leak kernel stack memory to userspace.
    
    If the optlen parameter is 0, no data will be copied by copy_from_user(),
    but the uninitialized stack buffer will be read and stored later. A call
    to getsockopt() can now retrieve the leaked information.
    
    To fix this problem the stack buffer given to copy_from_user() must be
    initialized with the current settings.
    
    Signed-off-by: Marcel Holtmann <[EMAIL PROTECTED]>



-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to