linux/net/bluetooth
Vasiliy Kulikov e826581a58 Bluetooth: bnep: fix buffer overflow
commit 43629f8f5e upstream.

Struct ca is copied from userspace.  It is not checked whether the "device"
field is NULL terminated.  This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-14 16:53:33 -07:00
bnep Bluetooth: bnep: fix buffer overflow 2011-04-14 16:53:33 -07:00
cmtp isdn: rename capi_ctr_reseted() to capi_ctr_down() 2009-06-08 00:45:50 -07:00
hidp HID: consolidate connect and disconnect into core code 2009-09-17 15:15:11 +02:00
rfcomm Bluetooth: Fix potential bad memory access with sysfs files 2010-04-01 15:58:54 -07:00
af_bluetooth.c net: mark read-only arrays as const 2009-08-05 10:42:58 -07:00
hci_conn.c Bluetooth: Set general bonding security for ACL by default 2009-11-16 01:30:28 +01:00
hci_core.c Bluetooth: Convert hdev->req_lock to a mutex 2009-08-22 14:35:02 -07:00
hci_event.c Bluetooth: Add extra device reference counting for connections 2009-08-22 14:19:26 -07:00
hci_sock.c net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
hci_sysfs.c bluetooth: scheduling while atomic bug fix 2009-10-19 19:36:45 -07:00
Kconfig Bluetooth: Add missing selection of CONFIG_CRC16 for L2CAP layer 2009-08-24 16:34:35 -07:00
l2cap.c Bluetooth: Fix kernel crash on L2CAP stress tests 2010-04-01 15:58:55 -07:00
lib.c [NET] BLUETOOTH: Fix whitespace errors. 2007-02-10 23:19:20 -08:00
Makefile
sco.c Bluetooth: sco: fix information leak to userspace 2011-04-14 16:53:32 -07:00