linux/net/bluetooth
Young Xiao a1616a5ac9 Bluetooth: hidp: fix buffer overflow
Struct ca is copied from userspace. It is not checked whether the "name"
field is NULL terminated, which allows local users to obtain potentially
sensitive information from kernel stack memory, via a HIDPCONNADD command.

This vulnerability is similar to CVE-2011-1079.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
2019-04-23 19:04:38 +02:00
..
bnep Merge branch 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-10-25 12:48:22 -07:00
cmtp Merge branch 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-10-25 12:48:22 -07:00
hidp Bluetooth: hidp: fix buffer overflow 2019-04-23 19:04:38 +02:00
rfcomm net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
6lowpan.c Bluetooth: 6lowpan: Fix debugfs_simple_attr.cocci warnings 2019-01-22 09:51:19 +01:00
a2mp.c Bluetooth: a2mp: Use struct_size() helper 2019-02-18 14:01:59 +01:00
a2mp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
af_bluetooth.c net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
amp.c Bluetooth: Use bt_dev_err and bt_dev_info when possible 2017-10-30 12:25:45 +02:00
amp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
ecdh_helper.c Bluetooth: let the crypto subsystem generate the ecc privkey 2017-10-06 20:35:47 +02:00
ecdh_helper.h Bluetooth: let the crypto subsystem generate the ecc privkey 2017-10-06 20:35:47 +02:00
hci_conn.c Bluetooth: Implement Set ADV set random address 2018-07-30 13:44:53 +02:00
hci_core.c Bluetooth: Add quirk for reading BD_ADDR from fwnode property 2019-02-26 10:08:26 +01:00
hci_debugfs.c Bluetooth: Store Resolv list size 2018-07-06 12:40:08 +02:00
hci_debugfs.h Bluetooth: Provide option to enable/disable debugfs information 2015-02-15 18:54:13 +02:00
hci_event.c Bluetooth: hci_event: Use struct_size() helper 2019-02-18 14:00:09 +01:00
hci_request.c Bluetooth: clean an indentation issue, remove extraneous space 2018-12-19 00:44:01 +01:00
hci_request.h Bluetooth: Implement Set ADV set random address 2018-07-30 13:44:53 +02:00
hci_sock.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2019-02-24 22:27:19 -08:00
hci_sysfs.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
Kconfig Revert "Bluetooth: Add option for disabling legacy ioctl interfaces" 2017-09-28 13:20:32 -07:00
l2cap_core.c Bluetooth: Fix not initializing L2CAP tx_credits 2019-04-23 18:09:07 +02:00
l2cap_sock.c Bluetooth: Add return check for L2CAP security level set 2019-04-23 18:09:07 +02:00
leds.c leds: triggers: let struct led_trigger::activate() return an error code 2018-07-05 23:21:10 +02:00
leds.h Bluetooth: Add combined LED trigger for controller power 2016-09-19 20:19:34 +02:00
lib.c Bluetooth: make baswap src const 2017-09-01 22:49:47 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mgmt_util.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
mgmt_util.h Bluetooth: Add generic mgmt helper API 2015-03-17 18:03:08 +01:00
mgmt.c Bluetooth: Add quirk for reading BD_ADDR from fwnode property 2019-02-26 10:08:26 +01:00
sco.c net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
selftest.c Bluetooth: Fix compiler warning with selftest duration calculation 2017-10-06 21:49:13 +03:00
selftest.h Bluetooth: Add support for self testing framework 2014-12-30 08:53:55 +02:00
smp.c crypto: drop mask=CRYPTO_ALG_ASYNC from 'shash' tfm allocations 2018-11-20 14:26:55 +08:00
smp.h Bluetooth: SMP: fix crash in unpairing 2018-09-26 12:39:32 +03:00