tmp_suning_uos_patched/net/bluetooth
Vasiliy Kulikov 43629f8f5e Bluetooth: bnep: fix buffer overflow
Struct ca is copied from userspace.  It is not checked whether the "device"
field is NULL terminated.  This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-02-14 12:51:33 -02:00
..
bnep Bluetooth: bnep: fix buffer overflow 2011-02-14 12:51:33 -02:00
cmtp Bluetooth: Do not use assignments in IF conditions 2011-02-08 01:40:08 -02:00
hidp Bluetooth: Do not use assignments in IF conditions 2011-02-08 01:40:08 -02:00
rfcomm Bluetooth: Never deallocate a session when some DLC points to it 2011-01-19 14:40:42 -02:00
af_bluetooth.c Bluetooth: fix crash by disabling tasklet in sock accept 2011-02-08 01:40:08 -02:00
hci_conn.c Bluetooth: Add set_io_capability management command 2011-02-08 01:40:08 -02:00
hci_core.c Bluetooth: Do not use assignments in IF conditions 2011-02-08 01:40:08 -02:00
hci_event.c Bluetooth: Do not use assignments in IF conditions 2011-02-08 01:40:08 -02:00
hci_sock.c Bluetooth: Add support for set_powered management command 2011-02-08 01:40:04 -02:00
hci_sysfs.c Bluetooth: Implement debugfs support for listing UUIDs 2011-02-08 01:40:06 -02:00
Kconfig Bluetooth: update Bluetooth daemon name in Kconfig help 2011-02-08 01:46:09 -02:00
l2cap_core.c Bluetooth: move __l2cap_sock_close() to l2cap_sock.c 2011-02-08 01:46:02 -02:00
l2cap_sock.c Bluetooth: l2cap: fix 1 byte infoleak to userspace 2011-02-11 15:21:29 -02:00
lib.c Bluetooth: make batostr() print in the right order 2010-10-12 12:44:52 -03:00
Makefile Bluetooth: Initial work for L2CAP split. 2011-02-08 01:43:30 -02:00
mgmt.c Bluetooth: Add set_io_capability management command 2011-02-08 01:40:08 -02:00
sco.c Bluetooth: clean up sco code 2010-12-01 21:04:43 -02:00