1
linux/net/bluetooth/bnep
Vasiliy Kulikov 43629f8f5e Bluetooth: bnep: fix buffer overflow
Struct ca is copied from userspace.  It is not checked whether the "device"
field is NULL terminated.  This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-02-14 12:51:33 -02:00
..
bnep.h net: use __packed annotation 2010-06-03 03:21:52 -07:00
core.c Bluetooth: bnep: fix information leak to userland 2010-12-01 21:04:35 -02:00
Kconfig
Makefile
netdev.c Bluetooth: Bring back var 'i' increment 2010-06-24 22:08:37 -07:00
sock.c Bluetooth: bnep: fix buffer overflow 2011-02-14 12:51:33 -02:00