shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-26 12:30:23 +09:00
Code Issues Packages Projects Releases Wiki Activity

Bluetooth: hci_sock: fix slab oob read in create_monitor_event

Browse Source 
commit 18f547f3fc upstream.

When accessing hdev->name, the actual string length should prevail

Reported-by: syzbot+c90849c50ed209d77689@syzkaller.appspotmail.com
Fixes: dcda165706 ("Bluetooth: hci_core: Fix build warnings")
Signed-off-by: Edward AD <twuufnxlz@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Edward AD
2023-10-10 13:36:57 +08:00
committed by Greg Kroah-Hartman
parent c08d609fb2
commit a6df96ee0b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
net/bluetooth/hci_sock.c
View File

@@ -438,7 +438,7 @@ static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
ni->type = hdev->dev_type;
ni->bus = hdev->bus;
bacpy(&ni->bdaddr, &hdev->bdaddr);
memcpy(ni->name, hdev->name, 8);
memcpy(ni->name, hdev->name, strlen(hdev->name));
opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
break;