Bluetooth: Properly check L2CAP config option output buffer length
90/150090/1 accepted/tizen/4.0/unified/20170915.201907 accepted/tizen/unified/20170915.195814 submit/tizen/20170915.014726 submit/tizen/20170915.052049 submit/tizen_4.0/20170915.014357 submit/tizen_4.0/20170915.051857
author Ben Seri <ben@armis.com>
Sat, 9 Sep 2017 21:15:59 +0000 (23:15 +0200)
committer Seung-Woo Kim <sw0312.kim@samsung.com>
Thu, 14 Sep 2017 08:02:14 +0000 (17:02 +0900)
commit 79a8dee624ea2b83f1253e0f24e196e8193c1913
tree 3dddefaf09bddd088466f5fffcaff34451331310
parent df8f4a663dbbb037201bfc240cead1bf50a6c5f0
Bluetooth: Properly check L2CAP config option output buffer length

commit e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 upstream.

Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.

Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: Cherry-pick from linux-3.18.y tree to fix CVE-2017-1000251]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I479e2d5141a9cb0b5bc105dc40298cbd4bddbff0
net/bluetooth/l2cap_core.c
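
The check the commit message describes, as an added user-space illustration that is not the kernel patch or any code from this commit: an option writer that is told how much room is left in the output buffer and refuses to write past it. The function names, the sample sizes and the simplified echo logic are assumptions; only the option layout (one type byte, one length byte, then the value) follows L2CAP.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_HDR 2 /* type byte + length byte of one config option */

/* Append one option if it fits in `room` bytes; return bytes written, 0 if not. */
static size_t add_conf_opt(uint8_t **ptr, uint8_t type, uint8_t len,
                           const void *val, size_t room)
{
    if (room < (size_t)OPT_HDR + len)
        return 0;               /* would overflow: write nothing */
    (*ptr)[0] = type;
    (*ptr)[1] = len;
    memcpy(*ptr + OPT_HDR, val, len);
    *ptr += OPT_HDR + len;
    return (size_t)OPT_HDR + len;
}

/* Echo options from a peer-controlled request into a fixed-size response,
 * stopping at the first truncated option or the first one that does not fit.
 * Returns bytes used in rsp, never more than rsp_size. */
static size_t build_conf_rsp(const uint8_t *req, size_t req_len,
                             uint8_t *rsp, size_t rsp_size)
{
    uint8_t *out = rsp;
    size_t off = 0;
    while (req_len - off >= OPT_HDR) {
        uint8_t len = req[off + 1];
        if (len > req_len - off - OPT_HDR)
            break;              /* option claims more bytes than were received */
        if (!add_conf_opt(&out, req[off], len, req + off + OPT_HDR,
                          rsp_size - (size_t)(out - rsp)))
            break;              /* response buffer exhausted */
        off += (size_t)OPT_HDR + len;
    }
    return (size_t)(out - rsp);
}

int main(void)
{
    uint8_t req[18], rsp[16];   /* constructed: three 6-byte options, 16-byte buffer */
    for (int i = 0; i < 3; i++) {
        req[i * 6] = 0x01; req[i * 6 + 1] = 4;
        memset(&req[i * 6 + 2], i, 4);
    }
    printf("used %zu\n", build_conf_rsp(req, sizeof req, rsp, sizeof rsp));
    return 0;
}
```

Without the `room` argument the third option would be written 2 bytes past the end of the 16-byte buffer; with it, the writer stops after 12 bytes.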