Re: [PATCH 2/3 BlueZ] hcidump:fixed hci frame dump stack-buffer-overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
On Wed, Oct 31, 2018 at 10:39 AM Cho, Yu-Chen <acho@xxxxxxxx> wrote:
>
> hci_dump() didn't check the length of frame, and it would be
> a stack-buffer-overflow error.
>
> Signed-off-by: Cho, Yu-Chen <acho@xxxxxxxx>
> ---
>  tools/parser/hci.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/tools/parser/hci.c b/tools/parser/hci.c
> index 8c7bd2581..4e6c36040 100644
> --- a/tools/parser/hci.c
> +++ b/tools/parser/hci.c
> @@ -4107,6 +4107,9 @@ void hci_dump(int level, struct frame *frm)
>
>         frm->ptr++; frm->len--;
>
> +       if (frm->len == 0)
> +               return;
> +
>         switch (type) {
>         case HCI_COMMAND_PKT:
>                 command_dump(level, frm);
> --
> 2.19.1

Applied.

-- 
Luiz Augusto von Dentz
[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux