Hi Mateusz,

> Verify that the caller-provided sockaddr structure is large enough to
> contain the sa_family field, before accessing it in bind() and connect()
> handlers of the Bluetooth sockets. Since neither syscall enforces a minimum
> size of the corresponding memory region, very short sockaddrs (zero or one
> byte long) result in operating on uninitialized memory while referencing
> sa_family.
>
> Signed-off-by: Mateusz Jurczyk <mjurczyk@xxxxxxxxxx>
> ---
> net/bluetooth/l2cap_sock.c | 5 +++--
> net/bluetooth/rfcomm/sock.c | 3 ++-
> net/bluetooth/sco.c | 6 ++----
> 3 files changed, 7 insertions(+), 7 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel
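The length check described in the quoted commit message, as an added user-space C model that is not code from the patch or from this thread. The `sketch_*` names, the `SA_FAMILY_END` macro and the stale-buffer setup are assumptions made for illustration; the buffer is pre-filled to stand in for uninitialized kernel memory.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef AF_BLUETOOTH
#define AF_BLUETOOTH 31 /* Linux value */
#endif
/* Bytes that must be present before sa_family may be read
 * (the kernel's offsetofend() helper computes the same thing). */
#define SA_FAMILY_END (offsetof(struct sockaddr, sa_family) + \
                       sizeof(((struct sockaddr *)0)->sa_family))
typedef int (*sketch_handler)(const struct sockaddr *, int);

/* Pre-fix pattern: trusts that sa_family was supplied by the caller. */
static int sketch_bind_unchecked(const struct sockaddr *addr, int addr_len)
{
    (void)addr_len;
    return (!addr || addr->sa_family != AF_BLUETOOTH) ? -EINVAL : 0;
}

/* Hardened pattern: reject lengths that do not cover sa_family. */
static int sketch_bind_checked(const struct sockaddr *addr, int addr_len)
{
    if (!addr || addr_len < (int)SA_FAMILY_END ||
        addr->sa_family != AF_BLUETOOTH)
        return -EINVAL;
    return 0;
}

/* Models the syscall layer: only ulen caller bytes are copied into a
 * buffer that still holds stale data (constructed: a leftover family). */
static int sketch_call(sketch_handler h, const void *uaddr, int ulen)
{
    union { struct sockaddr sa; struct sockaddr_storage ss; } k;
    memset(&k, 0, sizeof(k));
    k.ss.ss_family = AF_BLUETOOTH; /* stands in for uninitialized memory */
    if (ulen < 0 || (size_t)ulen > sizeof(k)) return -EINVAL;
    if (ulen) memcpy(&k, uaddr, (size_t)ulen);
    return h(&k.sa, ulen);
}

int main(void)
{
    printf("zero-length, unchecked: %d\n", sketch_call(sketch_bind_unchecked, NULL, 0));
    printf("zero-length, checked:   %d\n", sketch_call(sketch_bind_checked, NULL, 0));
    return 0;
}
```

In the zero-length case the unchecked handler's decision comes entirely from bytes the caller never supplied, which is the behaviour the length check removes.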