Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / b3916db32c4a3124eee9f3742a2f4723731d7602
commitb3916db32c4a3124eee9f3742a2f4723731d7602[log] [tgz]
authorDavid Herrmann <dh.herrmann@gmail.com>Fri Apr 05 14:57:34 2013 +0200
committerGustavo Padovan <gustavo.padovan@collabora.co.uk>Fri Apr 05 23:44:14 2013 -0300
tree342531410aa6985decfc173e3bf892d7b4ec47e8
parentc849edbdc2fc3a9ba37ae6810d7a1e2c92b302d7 [diff]
Bluetooth: hidp: verify l2cap sockets

We need to verify that the given sockets actually are l2cap sockets. If
they aren't, we are not supposed to access bt_sk(sock) and we shouldn't
start the session if the offsets turn out to be valid local BT addresses.

That is, if someone passes a TCP socket to HIDCONNADD, then we access some
random offset in the TCP socket (which isn't even guaranteed to be valid).

Fix this by checking that the socket is an l2cap socket.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
3 files changed
tree: 342531410aa6985decfc173e3bf892d7b4ec47e8
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS