]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 5953bfc) | patch
Bluetooth: Properly check L2CAP config option output buffer length
authorBen Seri <ben@armis.com>
Sat, 9 Sep 2017 21:15:59 +0000 (23:15 +0200)
committerChuck Anderson <chuck.anderson@oracle.com>
Fri, 15 Sep 2017 03:49:51 +0000 (20:49 -0700)
commitf9b91dd02e8ca9441d624f87291bd679be7aee83
treea4f75d97b0f3bf113d1a47811b28ef1c7328890atree
parent5953bfc0c9cf9442d40c127bd45aecbb22477ca3commit | diff
Bluetooth: Properly check L2CAP config option output buffer length

Orabug: 26790014
CVE: CVE-2017-1000251

Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.

Cc: stable@vger.kernel.org
Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3)
Signed-off-by: Todd Vierling <todd.vierling@oracle.com>
Reviewed-by: Brian Maly <brian.maly@oracle.com>
net/bluetooth/l2cap_core.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.