]> git.ipfire.org Git - people/arne_f/kernel.git/commit
projects / people / arne_f / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 07b7b1c) | patch
Bluetooth: hidp: fix buffer overflow
authorYoung Xiao <YangX92@hotmail.com>
Fri, 12 Apr 2019 07:24:30 +0000 (15:24 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 10 May 2019 15:53:15 +0000 (17:53 +0200)
commit2c33156b2d2f5efe820d8efdd610fb168c9acf72
tree1a59d9779903ad63dd8d037b702cbb3690d2d663tree | snapshot
parent07b7b1c823d602d0e5d3596387d7f0e67a7e9b5ecommit | diff
Bluetooth: hidp: fix buffer overflow

commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream.

Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/bluetooth/hidp/sock.c diff | blob | blame | history
Arne's tree of linux kernel.