From patchwork Tue Apr 23 06:24:52 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 2475591 Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork1.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork1.kernel.org (Postfix) with ESMTP id 4A8823FCA5 for ; Tue, 23 Apr 2013 06:25:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755363Ab3DWGZO (ORCPT ); Tue, 23 Apr 2013 02:25:14 -0400 Received: from userp1040.oracle.com ([156.151.31.81]:30100 "EHLO userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754996Ab3DWGZN (ORCPT ); Tue, 23 Apr 2013 02:25:13 -0400 Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r3N6OtQ5016285 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 23 Apr 2013 06:24:56 GMT Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r3N6OrUR026052 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 23 Apr 2013 06:24:54 GMT Received: from abhmt116.oracle.com (abhmt116.oracle.com [141.146.116.68]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r3N6OqdR019576; Tue, 23 Apr 2013 06:24:53 GMT Received: from elgon.mountain (/197.237.137.111) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 22 Apr 2013 23:24:52 -0700 Date: Tue, 23 Apr 2013 09:24:52 +0300 From: Dan Carpenter To: Lauro Ramos Venancio Cc: Aloisio Almeida Jr , Samuel Ortiz , "David S. Miller" , "John W. Linville" , Thierry Escande , Sasha Levin , linux-wireless@vger.kernel.org, linux-nfc@ml01.01.org, netdev@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [patch] NFC: llcp: two bugs in ->getname() Message-ID: <20130423062452.GD15893@elgon.mountain> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-Source-IP: acsinet22.oracle.com [141.146.126.238] Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org The sockaddr_nfc_llcp struct has as hole between ->sa_family and ->dev_idx so I've added a memset() to clear it and prevent an information leak. Also the ->nfc_protocol element wasn't set so I've added that. "uaddr->sa_family" and "llcp_addr->sa_family" are the same thing but it's less confusing to use llcp_addr consistently throughout. Signed-off-by: Dan Carpenter --- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index c1101e6..c51e97d 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c @@ -476,12 +476,13 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *uaddr, pr_debug("%p %d %d %d\n", sk, llcp_sock->target_idx, llcp_sock->dsap, llcp_sock->ssap); - uaddr->sa_family = AF_NFC; - + memset(llcp_addr, 0, sizeof(*llcp_addr)); *len = sizeof(struct sockaddr_nfc_llcp); + llcp_addr->sa_family = AF_NFC; llcp_addr->dev_idx = llcp_sock->dev->idx; llcp_addr->target_idx = llcp_sock->target_idx; + llcp_addr->nfc_protocol = llcp_sock->nfc_protocol; llcp_addr->dsap = llcp_sock->dsap; llcp_addr->ssap = llcp_sock->ssap; llcp_addr->service_name_len = llcp_sock->service_name_len;