evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net/bluetooth
History
Mark Salyzyn 4d4a179e76 ANDROID: Bluetooth: hidp: buffer overflow in hidp_process_report 
The buffer length is unsigned at all layers, but gets cast to int and
checked in hidp_process_report and can lead to a buffer overflow.
Switch len parameter to unsigned int to resolve issue.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Fixes: 678af93e46ac10318b54f2f0c9abbdfe75c4e078 ("HID: Bluetooth: hidp: make sure input buffers are big enough")
Bug: 65853588
Change-Id: I779ce783ae7c3bce8c5a66c0954ef31347e42cfc
Git-repo: https://android.googlesource.com/kernel/msm
Git-commit: 34c56d552bffcaefa84975bea0e55fb4481964fd
Signed-off-by: Srinivasa Rao Kuppala <srkupp@codeaurora.org>
2018-07-25 02:01:34 -07:00
..
bnep Merge android-4.4@610af85 (v4.4.85) into msm-4.4 2017-09-04 17:20:09 -07:00
cmtp Merge android-4.4@610af85 (v4.4.85) into msm-4.4 2017-09-04 17:20:09 -07:00
hidp ANDROID: Bluetooth: hidp: buffer overflow in hidp_process_report 2018-07-25 02:01:34 -07:00
rfcomm Bluetooth: Replace %p with %pK 2016-06-28 17:01:54 -07:00
6lowpan.c Bluetooth: 6lowpan: Fix handling of uncompressed IPv6 packets 2016-03-03 15:07:16 -08:00
a2mp.c Bluetooth: Move get info completed callback to a2mp.c 2015-07-30 13:37:22 +02:00
a2mp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
af_bluetooth.c Bluetooth: Replace %p with %pK 2016-06-28 17:01:54 -07:00
amp.c Bluetooth: Fix breakage in amp_write_rem_assoc_frag() 2015-08-10 20:41:34 +02:00
amp.h Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
ecc.c
ecc.h
hci_conn.c Merge android-4.4.139 (7ba5557) into msm-4.4 2018-07-03 12:24:56 -07:00
hci_core.c Merge android-4.4.128 (89904cc) into msm-4.4 2018-04-20 13:05:36 +05:30
hci_debugfs.c Bluetooth: Expose current Device ID information via debugfs 2015-04-02 08:40:35 +03:00
hci_debugfs.h
hci_event.c Merge android-4.4.139 (7ba5557) into msm-4.4 2018-07-03 12:24:56 -07:00
hci_request.c Bluetooth: Fix incorrect removing of IRKs 2016-03-03 15:07:16 -08:00
hci_request.h Bluetooth: Introduce hci_req helper to abort a connection 2015-10-22 11:37:22 +02:00
hci_sock.c Merge branch 'android-4.4@9bc4622' into branch 'msm-4.4' 2017-06-07 09:31:32 -07:00
hci_sysfs.c Bluetooth: Replace %p with %pK 2016-06-28 17:01:54 -07:00
Kconfig Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
l2cap_core.c Merge android-4.4.112 (5f6325b) into msm-4.4 2018-01-24 12:35:11 +05:30
l2cap_sock.c Merge branch 'v4.4-16.09-android-tmp' into lsk-v4.4-16.09-android 2016-12-16 13:52:17 -08:00
lib.c Bluetooth: Replace %p with %pK 2016-06-28 17:01:54 -07:00
Makefile Bluetooth: Add BT_HS config option 2015-07-30 13:31:59 +02:00
mgmt.c Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
mgmt_util.c
mgmt_util.h
sco.c Bluetooth: Replace %p with %pK 2016-06-28 17:01:54 -07:00
selftest.c Bluetooth: Export ECDH selftest result in debugfs 2015-04-02 08:47:38 +03:00
selftest.h
smp.c Merge android-4.4.127 (d6bbe8b) into msm-4.4 2018-04-20 12:27:57 +05:30
smp.h Bluetooth: Fix crash in SMP when unpairing 2015-10-22 09:02:03 +02:00