]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 435885b) | patch
Bluetooth: hidp: fix buffer overflow
authorYoung Xiao <YangX92@hotmail.com>
Fri, 12 Apr 2019 07:24:30 +0000 (15:24 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 11 May 2019 05:49:55 +0000 (07:49 +0200)
commit4d4cafccc6d3af718de78ab23f79feb44ec4d3d3
treeabf0092380dda4a830ed119d73c669cfa8946069tree | snapshot
parent435885bdb0d8ba3edd414a807343f7ae4167513bcommit | diff
Bluetooth: hidp: fix buffer overflow

commit a1616a5ac99ede5d605047a9012481ce7ff18b16 upstream.

Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/bluetooth/hidp/sock.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git