Vasiliy Kulikov e826581a58 Bluetooth: bnep: fix buffer overflow ...

commit 43629f8f5e upstream.

Struct ca is copied from userspace.  It is not checked whether the "device"
field is NULL terminated.  This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

2011-04-14 16:53:33 -07:00

..

bnep

Bluetooth: bnep: fix buffer overflow

2011-04-14 16:53:33 -07:00

cmtp

isdn: rename capi_ctr_reseted() to capi_ctr_down()

2009-06-08 00:45:50 -07:00

hidp

HID: consolidate connect and disconnect into core code

2009-09-17 15:15:11 +02:00

rfcomm

Bluetooth: Fix potential bad memory access with sysfs files

2010-04-01 15:58:54 -07:00

af_bluetooth.c

net: mark read-only arrays as const

2009-08-05 10:42:58 -07:00

hci_conn.c

Bluetooth: Set general bonding security for ACL by default

2009-11-16 01:30:28 +01:00

hci_core.c

Bluetooth: Convert hdev->req_lock to a mutex

2009-08-22 14:35:02 -07:00

hci_event.c

Bluetooth: Add extra device reference counting for connections

2009-08-22 14:19:26 -07:00

hci_sock.c

net: Make setsockopt() optlen be unsigned.

2009-09-30 16:12:20 -07:00

hci_sysfs.c

bluetooth: scheduling while atomic bug fix

2009-10-19 19:36:45 -07:00

Kconfig

Bluetooth: Add missing selection of CONFIG_CRC16 for L2CAP layer

2009-08-24 16:34:35 -07:00

l2cap.c

Bluetooth: Fix kernel crash on L2CAP stress tests

2010-04-01 15:58:55 -07:00

lib.c

[NET] BLUETOOTH: Fix whitespace errors.

2007-02-10 23:19:20 -08:00

Makefile

Linux-2.6.12-rc2

2005-04-16 15:20:36 -07:00

sco.c

Bluetooth: sco: fix information leak to userspace

2011-04-14 16:53:32 -07:00