Re: [PATCH 2/2] Bluetooth: Check for minimum data length in eir_has_data_type()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Johan,

* johan.hedberg@xxxxxxxxx <johan.hedberg@xxxxxxxxx> [2012-03-26 14:21:42 +0300]:

> From: Johan Hedberg <johan.hedberg@xxxxxxxxx>
> 
> If passed 0 as data_length the (parsed < data_length - 1) test will be
> true and cause a buffer overflow. In practice we need at least two bytes
> for the element length and type so add a test for it to the very
> beginning of the function.
> 
> Signed-off-by: Johan Hedberg <johan.hedberg@xxxxxxxxx>
> ---
>  include/net/bluetooth/hci_core.h |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)

I applied both patches to bluetooth-next

	Gustavo
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux