Hi Johan, * johan.hedberg@xxxxxxxxx <johan.hedberg@xxxxxxxxx> [2012-03-26 14:21:42 +0300]: > From: Johan Hedberg <johan.hedberg@xxxxxxxxx> > > If passed 0 as data_length the (parsed < data_length - 1) test will be > true and cause a buffer overflow. In practice we need at least two bytes > for the element length and type so add a test for it to the very > beginning of the function. > > Signed-off-by: Johan Hedberg <johan.hedberg@xxxxxxxxx> > --- > include/net/bluetooth/hci_core.h | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) I applied both patches to bluetooth-next Gustavo -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
