Hi, On Fri, Mar 11, 2016, Johan Hedberg wrote: > The Add Advertising command handler does the appropriate checks for > the AD and Scan Response data, however fails to take into account the > general length of the mgmt command itself, which could lead to > potential buffer overflows. This patch adds the necessary check that > the mgmt command length is consistent with the given ad and scan_rsp > lengths. > > Signed-off-by: Johan Hedberg <johan.hedberg@xxxxxxxxx> > --- > net/bluetooth/mgmt.c | 4 ++++ > 1 file changed, 4 insertions(+) For the record, this one probably deserves a Cc: stable tag. It should cleanly apply to 4.5 and with a little bit of fixing to 4.4 as well (which might be more important as that's a long term support release). Johan -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
