From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from userp1040.oracle.com ([156.151.31.81]:30100 "EHLO userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754996Ab3DWGZN (ORCPT ); Tue, 23 Apr 2013 02:25:13 -0400 Date: Tue, 23 Apr 2013 09:24:52 +0300 From: Dan Carpenter To: Lauro Ramos Venancio Cc: Aloisio Almeida Jr , Samuel Ortiz , "David S. Miller" , "John W. Linville" , Thierry Escande , Sasha Levin , linux-wireless@vger.kernel.org, linux-nfc@ml01.01.org, netdev@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [patch] NFC: llcp: two bugs in ->getname() Message-ID: <20130423062452.GD15893@elgon.mountain> (sfid-20130423_082605_349160_B7863A90) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-wireless-owner@vger.kernel.org List-ID: The sockaddr_nfc_llcp struct has as hole between ->sa_family and ->dev_idx so I've added a memset() to clear it and prevent an information leak. Also the ->nfc_protocol element wasn't set so I've added that. "uaddr->sa_family" and "llcp_addr->sa_family" are the same thing but it's less confusing to use llcp_addr consistently throughout. Signed-off-by: Dan Carpenter diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index c1101e6..c51e97d 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c @@ -476,12 +476,13 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *uaddr, pr_debug("%p %d %d %d\n", sk, llcp_sock->target_idx, llcp_sock->dsap, llcp_sock->ssap); - uaddr->sa_family = AF_NFC; - + memset(llcp_addr, 0, sizeof(*llcp_addr)); *len = sizeof(struct sockaddr_nfc_llcp); + llcp_addr->sa_family = AF_NFC; llcp_addr->dev_idx = llcp_sock->dev->idx; llcp_addr->target_idx = llcp_sock->target_idx; + llcp_addr->nfc_protocol = llcp_sock->nfc_protocol; llcp_addr->dsap = llcp_sock->dsap; llcp_addr->ssap = llcp_sock->ssap; llcp_addr->service_name_len = llcp_sock->service_name_len;