www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Young Xiao <YangX92@hotmail.com>
	Fri, 12 Apr 2019 07:24:30 +0000 (15:24 +0800)
committer	Brian Maly <brian.maly@oracle.com>
	Tue, 28 May 2019 18:40:15 +0000 (14:40 -0400)
commit	88b5a5ae859f0870415ef1e165f6e6366972b289
tree	f4611baebdf524a84810a2d88081c5a738bcc163	tree
parent	f365f8d308610c3ade094c05054a6c492bbeb6c0	commit \| diff

Bluetooth: hidp: fix buffer overflow

Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
(cherry picked from commit a1616a5ac99ede5d605047a9012481ce7ff18b16)

Orabug: 29786786
CVE: CVE-2019-11884

Reviewed-by: John Haxby <john.haxby@oracle.com>
Signed-off-by: Allen Pais <allen.pais@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>