Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 43629f8f5ea32a998d06d1bb41eefa0e821ff573
commit43629f8f5ea32a998d06d1bb41eefa0e821ff573[log] [tgz]
authorVasiliy Kulikov <segoon@openwall.com>Mon Feb 14 13:54:31 2011 +0300
committerGustavo F. Padovan <padovan@profusion.mobi>Mon Feb 14 12:51:33 2011 -0200
tree6cc475d80311abf2b06e2b8a2cfd96043192decd
parentd9f51b51db2064c9049bf7924318fd8c6ed852cb [diff]
Bluetooth: bnep: fix buffer overflow

Struct ca is copied from userspace.  It is not checked whether the "device"
field is NULL terminated.  This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
1 file changed
tree: 6cc475d80311abf2b06e2b8a2cfd96043192decd
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS