Bluetooth: Properly check L2CAP config option output buffer
commit
e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 upstream.
Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.
Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[dh79.pyun: Cherry-pick from mainline to fix CVE-2017-1000251]
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
Change-Id: Ia665b17aa7bfaa6ee13d652cce494da10b19b56d
projects / platform / kernel / linux-exynos.git / commit