android_kernel_oneplus_msm8998/net/bluetooth
Johan Hedberg f0de3cec40 Bluetooth: Fix potential buffer overflow with Add Advertising
commit 6a0e78072c2ae7b20b14e0249d8108441ea928d2 upstream.

The Add Advertising command handler does the appropriate checks for
the AD and Scan Response data, however fails to take into account the
general length of the mgmt command itself, which could lead to
potential buffer overflows. This patch adds the necessary check that
the mgmt command length is consistent with the given ad and scan_rsp
lengths.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-04-12 09:08:54 -07:00
bnep
cmtp
hidp Bluetooth: hidp: fix device disconnect on idle timeout 2015-10-21 00:49:23 +02:00
rfcomm
6lowpan.c Bluetooth: 6lowpan: Fix handling of uncompressed IPv6 packets 2016-03-03 15:07:16 -08:00
a2mp.c
a2mp.h
af_bluetooth.c net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
amp.c
amp.h
ecc.c
ecc.h
hci_conn.c Bluetooth: Use continuous scanning when creating LE connections 2016-03-03 15:07:16 -08:00
hci_core.c Bluetooth: Check for supported white list before issuing commands 2015-11-05 04:03:21 +01:00
hci_debugfs.c
hci_debugfs.h
hci_event.c Bluetooth: Rename bt_cb()->req into bt_cb()->hci 2015-10-26 08:21:03 +02:00
hci_request.c Bluetooth: Fix incorrect removing of IRKs 2016-03-03 15:07:16 -08:00
hci_request.h Bluetooth: Introduce hci_req helper to abort a connection 2015-10-22 11:37:22 +02:00
hci_sock.c Bluetooth: Rename bt_cb()->req into bt_cb()->hci 2015-10-26 08:21:03 +02:00
hci_sysfs.c
Kconfig
l2cap_core.c Bluetooth: L2CAP: Add missing checks for invalid LE DCID 2015-11-05 04:04:15 +01:00
l2cap_sock.c Bluetooth: l2cap_disconnection_req priority over shutdown 2015-10-21 00:49:26 +02:00
lib.c Bluetooth: Add BT_WARN and bt_dev_warn logging macros 2015-09-24 16:25:44 +02:00
Makefile
mgmt.c Bluetooth: Fix potential buffer overflow with Add Advertising 2016-04-12 09:08:54 -07:00
mgmt_util.c
mgmt_util.h
sco.c bluetooth: Validate socket address length in sco_sock_bind(). 2015-12-15 15:39:08 -05:00
selftest.c
selftest.h
smp.c Bluetooth: Fix incorrect removing of IRKs 2016-03-03 15:07:16 -08:00
smp.h Bluetooth: Fix crash in SMP when unpairing 2015-10-22 09:02:03 +02:00