Re: There is an array-index-out-bounds bug in detach_capi_ctr in drivers/isdn/capi/kcapi.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> When I last touched the capi code, I tried to remove it all, but we then
> left it in the kernel because the bluetooth cmtp code can still theoretically
> use it.
>
> May I ask how you managed to run into this? Did you find the bug through
> inspection first and then produce it using cmtp, or did you actually use
> cmtp?

I fuzz the bluez system and find a crash to analyze it and reproduce it.

> If the only purpose of cmtp is now to be a target for exploits, then I
> would suggest we consider removing both cmtp and capi for
> good after backporting your fix to stable kernels. Obviously
> if it turns out that someone actually uses cmtp and/or capi, we
> should not remove it.
>
Yes, I think this should be feasible.

Regards
  butt3rflyh4ck.


-- 
Active Defense Lab of Venustech



[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux