projects / profile / mobile / platform / kernel / linux-3.10-sc7730.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b3994a4) | patch
Bluetooth: Properly check L2CAP config option output buffer length 19/150219/2 accepted/tizen/4.0/unified/20170915.201915 accepted/tizen/unified/20170915.195823 submit/tizen/20170915.014726 submit/tizen/20170915.052049 submit/tizen_4.0/20170915.014357 submit/tizen_4.0/20170915.051857
authorBen Seri <ben@armis.com>
Sat, 9 Sep 2017 21:15:59 +0000 (23:15 +0200)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Fri, 15 Sep 2017 00:33:33 +0000 (00:33 +0000)
commit2ae7c3097676bbe037c50d2c01b88d1efe5f2195
tree9dcee748aab94fef962ae76b7990d97a9b172dbdtree | snapshot
parentb3994a473deab6e28dabb07f6c823292ff5c402acommit | diff
Bluetooth: Properly check L2CAP config option output buffer length

commit e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 upstream.

Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.

Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[dh79.pyun: Cherry-pick from mainline to fix CVE-2017-1000251]
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
Change-Id: I3de2bb146a60c20a90cfcdf10614f3febed3ed8b
net/bluetooth/l2cap_core.c diff | blob | history
Domain: System / Kernel;