Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-13 15:41:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
7ac2881753
linux/net/bluetooth
History
Dan Rosenberg 7ac2881753 Bluetooth: Prevent buffer overflow in l2cap config request 
A remote user can provide a small value for the command size field in
the command header of an l2cap configuration request, resulting in an
integer underflow when subtracting the size of the configuration request
header.  This results in copying a very large amount of data via
memcpy() and destroying the kernel heap.  Check for underflow.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-06-28 14:57:55 -03:00
..
bnep Bluetooth: Use kthread API in bnep 2011-04-05 12:40:47 -03:00
cmtp Bluetooth: Move more channel info to struct l2cap_chan 2011-04-28 01:09:58 -03:00
hidp Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2011-05-23 09:10:03 -07:00
rfcomm Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. 2011-06-09 15:30:01 -03:00
af_bluetooth.c Bluetooth: remove unnecessary call to hci_sock_cleanup 2011-02-25 22:36:58 -03:00
hci_conn.c Bluetooth: Fix L2CAP connection establishment 2011-06-15 15:03:37 -03:00
hci_core.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-05-05 13:32:35 -04:00
hci_event.c Bluetooth: Do not send SET_EVENT_MASK for 1.1 and earlier devices 2011-06-10 15:04:42 -03:00
hci_sock.c Bluetooth: fix build break on hci_sock.c 2011-02-22 08:43:52 -03:00
hci_sysfs.c Bluetooth: Add variable SSP auto-accept delay support 2011-04-28 16:02:30 -03:00
Kconfig Bluetooth: Fix BT_L2CAP and BT_SCO in Kconfig 2011-02-28 14:06:53 -05:00
l2cap_core.c Bluetooth: Prevent buffer overflow in l2cap config request 2011-06-28 14:57:55 -03:00
l2cap_sock.c Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. 2011-06-09 15:30:01 -03:00
lib.c Bluetooth: make batostr() print in the right order 2010-10-12 12:44:52 -03:00
Makefile Bluetooth: Merge L2CAP and SCO modules into bluetooth.ko 2011-02-14 17:27:36 -03:00
mgmt.c Bluetooth: Add support for disconnecting LE links via mgmt 2011-05-11 16:42:14 -03:00
sco.c Bluetooth: fix shutdown on SCO sockets 2011-06-10 15:04:40 -03:00