linux/net/bluetooth
Mathias Krause 2d97f68d03 Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg()
[ Upstream commit e11e0455c0 ]

If RFCOMM_DEFER_SETUP is set in the flags, rfcomm_sock_recvmsg() returns
early with 0 without updating the possibly set msg_namelen member. This,
in turn, leads to a 128 byte kernel stack leak in net/socket.c.

Fix this by updating msg_namelen in this case. For all other cases it
will be handled in bt_sock_stream_recvmsg().

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-05-01 09:41:04 -07:00
bnep Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
cmtp Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
hidp Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() 2013-02-03 18:24:41 -06:00
rfcomm Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() 2013-05-01 09:41:04 -07:00
af_bluetooth.c Bluetooth: fix possible info leak in bt_sock_recvmsg() 2013-05-01 09:41:04 -07:00
hci_conn.c Bluetooth: Fix sending a HCI Authorization Request over LE links 2012-10-02 10:30:34 -07:00
hci_core.c Bluetooth: cancel power_on work when unregistering the device 2013-01-11 09:07:17 -08:00
hci_event.c Bluetooth: Fix sending HCI commands after reset 2013-02-03 18:24:40 -06:00
hci_sock.c Bluetooth: HCI - Fix info leak via getsockname() 2012-10-02 10:29:36 -07:00
hci_sysfs.c Bluetooth: Use proper datatypes in release-callbacks 2012-02-13 17:01:38 +02:00
Kconfig Bluetooth: Fix Kconfig help description 2012-02-29 18:50:25 +02:00
l2cap_core.c Bluetooth: Fix using uninitialized option in RFCMode 2012-12-03 11:46:36 -08:00
l2cap_sock.c Bluetooth: Change signature of smp_conn_security() 2012-10-02 10:30:34 -07:00
lib.c Bluetooth: Add logging functions bt_info and bt_err 2012-02-17 11:33:17 +02:00
Makefile Bluetooth: Always compile SCO and L2CAP in Bluetooth Core 2011-12-21 02:21:08 -02:00
mgmt.c Bluetooth: mgmt: Fix enabling LE while powered off 2012-10-02 10:30:08 -07:00
sco.c Bluetooth: Fix not closing SCO sockets in the BT_CONNECT2 state 2013-04-05 10:04:15 -07:00
smp.c Bluetooth: Fix handling of unexpected SMP PDUs 2013-02-14 10:48:53 -08:00