This is a note to let you know that I've just added the patch titled
bluetooth: Validate socket address length in sco_sock_bind().
to the 3.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bluetooth-validate-socket-address-length-in-sco_sock_bind.patch
and it can be found in the queue-3.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Mon Jan 18 21:18:36 PST 2016
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
Date: Tue, 15 Dec 2015 15:39:08 -0500
Subject: bluetooth: Validate socket address length in sco_sock_bind().
Status: RO
Content-Length: 619
Lines: 24
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
[ Upstream commit 5233252fce714053f0151680933571a2da9cbfb4 ]
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/bluetooth/sco.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -456,6 +456,9 @@ static int sco_sock_bind(struct socket *
if (!addr || addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
+ if (addr_len < sizeof(struct sockaddr_sco))
+ return -EINVAL;
+
lock_sock(sk);
if (sk->sk_state != BT_OPEN) {
Patches currently in stable-queue which might be from davem@xxxxxxxxxxxxx are
queue-3.10/net-qmi_wwan-add-xs-stick-w100-2-from-4g-systems.patch
queue-3.10/ipv6-distinguish-frag-queues-by-device-for-multicast-and-link-local-packets.patch
queue-3.10/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch
queue-3.10/ipv6-sctp-clone-options-to-avoid-use-after-free.patch
queue-3.10/bluetooth-validate-socket-address-length-in-sco_sock_bind.patch
queue-3.10/atl1c-improve-driver-not-to-do-order-4-gfp_atomic-allocation.patch
queue-3.10/af_unix-revert-lock_interruptible-in-stream-receive-code.patch
queue-3.10/ipv6-sctp-implement-sctp_v6_destroy_sock.patch
queue-3.10/snmp-remove-duplicate-outmcast-stat-increment.patch
queue-3.10/sh_eth-fix-kernel-oops-in-skb_put.patch
queue-3.10/sctp-update-the-netstamp_needed-counter-when-copying-sockets.patch
queue-3.10/broadcom-fix-phy_id_bcm5481-entry-in-the-id-table.patch
queue-3.10/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch
queue-3.10/net-scm-fix-pax-detected-msg_controllen-overflow-in-scm_detach_fds.patch
queue-3.10/tcp-md5-fix-lockdep-annotation.patch
queue-3.10/sctp-translate-host-order-to-network-order-when-setting-a-hmacid.patch
queue-3.10/net-ipmr-fix-static-mfc-dev-leaks-on-table-destruction.patch
queue-3.10/net-ip6mr-fix-static-mfc-dev-leaks-on-table-destruction.patch
queue-3.10/net-add-validation-for-the-socket-syscall-protocol-argument.patch
queue-3.10/tcp-initialize-tp-copied_seq-in-case-of-cross-syn-connection.patch
queue-3.10/gre6-allow-to-update-all-parameters-via-rtnl.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html