projects / profile / mobile / platform / kernel / linux-3.10-sc7730.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f45ad1e)
bluetooth: Validate socket address length in sco_sock_bind(). 95/154695/1
authorDavid S. Miller <davem@davemloft.net>
Tue, 15 Dec 2015 20:39:08 +0000 (15:39 -0500)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Wed, 11 Oct 2017 05:52:56 +0000 (14:52 +0900)
[ Upstream commit 5233252fce714053f0151680933571a2da9cbfb4 ]

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.10.y to fix CVE-2015-8575]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ib385bb8bb72ae28328cc859da4d633545b0251cb

net/bluetooth/sco.c patch | blob | history

diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 6981ae1..49252ab 100644 (file)
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -527,6 +527,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
        if (!addr || addr->sa_family != AF_BLUETOOTH)
                return -EINVAL;
 
+       if (addr_len < sizeof(struct sockaddr_sco))
+               return -EINVAL;
+
        lock_sock(sk);
 
        if (sk->sk_state != BT_OPEN) {
Domain: System / Kernel;