Re: [PATCH] Bluetooth: Add sockaddr length checks before accessing sa_family in bind and connect handlers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Mateusz,

> Verify that the caller-provided sockaddr structure is large enough to
> contain the sa_family field, before accessing it in bind() and connect()
> handlers of the Bluetooth sockets. Since neither syscall enforces a minimum
> size of the corresponding memory region, very short sockaddrs (zero or one
> byte long) result in operating on uninitialized memory while referencing
> sa_family.
> 
> Signed-off-by: Mateusz Jurczyk <mjurczyk@xxxxxxxxxx>
> ---
> net/bluetooth/l2cap_sock.c  | 5 +++--
> net/bluetooth/rfcomm/sock.c | 3 ++-
> net/bluetooth/sco.c         | 6 ++----
> 3 files changed, 7 insertions(+), 7 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel

--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux