Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/net/bluetooth
History
Mathias Krause c8c499175f Bluetooth: SCO - Fix missing msg_namelen update in sco_sock_recvmsg() 
If the socket is in state BT_CONNECT2 and BT_SK_DEFER_SETUP is set in
the flags, sco_sock_recvmsg() returns early with 0 without updating the
possibly set msg_namelen member. This, in turn, leads to a 128 byte
kernel stack leak in net/socket.c.

Fix this by updating msg_namelen in this case. For all other cases it
will be handled in bt_sock_recvmsg().

Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2013-04-07 16:28:01 -04:00
..
bnep Bluetooth: Remove unnecessary include l2cap.h 2013-01-09 17:05:05 -02:00
cmtp
hidp Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() 2013-01-09 17:39:05 -02:00
rfcomm Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() 2013-04-07 16:28:00 -04:00
Kconfig
Makefile
a2mp.c Bluetooth: AMP: Use set_bit / test_bit for amp_mgr state 2013-01-09 17:05:05 -02:00
af_bluetooth.c Bluetooth: fix possible info leak in bt_sock_recvmsg() 2013-04-07 16:28:00 -04:00
amp.c Bluetooth: AMP: Use set_bit / test_bit for amp_mgr state 2013-01-09 17:05:05 -02:00
hci_conn.c Bluetooth: Fix hci_conn timeout routine 2013-01-31 15:38:02 -02:00
hci_core.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-02-21 17:40:58 -08:00
hci_event.c Bluetooth: Remove unneeded locking 2013-02-01 15:50:18 -02:00
hci_sock.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
hci_sysfs.c Bluetooth: Fix uuid output in debugfs 2013-01-10 16:32:35 -02:00
l2cap_core.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2013-01-30 14:21:04 -05:00
l2cap_sock.c
lib.c
mgmt.c Bluetooth: Refactor mgmt_pending_foreach 2013-02-01 15:50:18 -02:00
sco.c Bluetooth: SCO - Fix missing msg_namelen update in sco_sock_recvmsg() 2013-04-07 16:28:01 -04:00
smp.c Bluetooth: Fix handling of unexpected SMP PDUs 2013-01-31 15:35:42 -02:00