This is a note to let you know that I've just added the patch titled
bluetooth: Validate socket address length in sco_sock_bind().
to the 4.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bluetooth-validate-socket-address-length-in-sco_sock_bind.patch
and it can be found in the queue-4.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Wed Dec 30 19:52:45 PST 2015
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
Date: Tue, 15 Dec 2015 15:39:08 -0500
Subject: bluetooth: Validate socket address length in sco_sock_bind().
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
[ Upstream commit 5233252fce714053f0151680933571a2da9cbfb4 ]
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/bluetooth/sco.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -520,6 +520,9 @@ static int sco_sock_bind(struct socket *
if (!addr || addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
+ if (addr_len < sizeof(struct sockaddr_sco))
+ return -EINVAL;
+
lock_sock(sk);
if (sk->sk_state != BT_OPEN) {
Patches currently in stable-queue which might be from davem@xxxxxxxxxxxxx are
queue-4.1/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch
queue-4.1/ipv6-automatically-enable-stable-privacy-mode-if-stable_secret-set.patch
queue-4.1/ipv6-sctp-clone-options-to-avoid-use-after-free.patch
queue-4.1/net-check-both-type-and-procotol-for-tcp-sockets.patch
queue-4.1/pppoe-fix-memory-corruption-in-padt-work-structure.patch
queue-4.1/gre6-allow-to-update-all-parameters-via-rtnl.patch
queue-4.1/af_unix-revert-lock_interruptible-in-stream-receive-code.patch
queue-4.1/net-fix-uninitialized-variable-issue.patch
queue-4.1/fou-clean-up-socket-with-kfree_rcu.patch
queue-4.1/sh_eth-fix-kernel-oops-in-skb_put.patch
queue-4.1/tcp-restore-fastopen-with-no-data-in-syn-packet.patch
queue-4.1/skbuff-fix-offset-error-in-skb_reorder_vlan_header.patch
queue-4.1/net_sched-make-qdisc_tree_decrease_qlen-work-for-non-mq.patch
queue-4.1/r8152-fix-lockup-when-runtime-pm-is-enabled.patch
queue-4.1/net-qca_spi-fix-transmit-queue-timeout-handling.patch
queue-4.1/atl1c-improve-driver-not-to-do-order-4-gfp_atomic-allocation.patch
queue-4.1/ipv6-keep-existing-flags-when-setting-ifa_f_optimistic.patch
queue-4.1/bluetooth-validate-socket-address-length-in-sco_sock_bind.patch
queue-4.1/net-add-validation-for-the-socket-syscall-protocol-argument.patch
queue-4.1/sctp-update-the-netstamp_needed-counter-when-copying-sockets.patch
queue-4.1/sctp-also-copy-sk_tsflags-when-copying-the-socket.patch
queue-4.1/sctp-use-the-same-clock-as-if-sock-source-timestamps-were-on.patch
queue-4.1/net-fix-ip-early-demux-races.patch
queue-4.1/vlan-fix-untag-operations-of-stacked-vlans-with-reorder_header-off.patch
queue-4.1/vxlan-fix-incorrect-rco-bit-in-vxlan-header.patch
queue-4.1/rhashtable-fix-walker-list-corruption.patch
queue-4.1/rhashtable-enforce-minimum-size-on-initial-hash-table.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html