| commit | f4fc0e56a21f9b5c345965f49da91f330b7cf202 | |
| author | Vasiliy Kulikov <segoon@openwall.com> | |
| Mon, 14 Feb 2011 10:54:31 +0000 (14 13:54 +0300) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Thu, 14 Apr 2011 20:02:29 +0000 (14 13:02 -0700) | ||
| tree | 5af5e316d19112231afed792e7d36a09c97d8f32 | treesnapshot (tar.gz zip) |
| parent | 1d7b65a52f9bba3af57f1145e18fefff6a8df06a | commitdiff |
Bluetooth: bnep: fix buffer overflow
commit 43629f8f5ea32a998d06d1bb41eefa0e821ff573 upstream.
Struct ca is copied from userspace. It is not checked whether the "device"
field is NULL terminated. This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 43629f8f5ea32a998d06d1bb41eefa0e821ff573 upstream.
Struct ca is copied from userspace. It is not checked whether the "device"
field is NULL terminated. This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| net/bluetooth/bnep/sock.c | diffblobblamehistory |