projects / platform / kernel / linux-rpi3.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7d05a8e) | patch
Bluetooth: Properly check L2CAP config option output buffer length 96/150096/1 accepted/tizen/4.0/unified/20170920.081526 accepted/tizen/unified/20170920.081036 submit/tizen/20170915.014726 submit/tizen/20170919.044447 submit/tizen_4.0/20170915.014357 submit/tizen_4.0/20170919.044533
authorBen Seri <ben@armis.com>
Sat, 9 Sep 2017 21:15:59 +0000 (23:15 +0200)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Thu, 14 Sep 2017 08:26:26 +0000 (17:26 +0900)
commitf414e8acf5c56f229f6af5844a5f750a56f1fd02
tree8c0c86ee77b57958a1f0a407578bde36ec4bafb8tree | snapshot
parent7d05a8e09a0615b87060eadce9fd10ec0697b93bcommit | diff
Bluetooth: Properly check L2CAP config option output buffer length

commit e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 upstream.

Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.

Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: Cherry-pick from linux-4.9.y tree to fix CVE-2017-1000251]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I6685f0bfbc098bbb284342453295da04cb19e29c
net/bluetooth/l2cap_core.c diff | blob | history
Domain: System / Kernel; Licenses: GPL-2.0;