OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ddf58468e0
linux/net/bluetooth
History
Mathias Krause c8c499175f Bluetooth: SCO - Fix missing msg_namelen update in sco_sock_recvmsg() 
If the socket is in state BT_CONNECT2 and BT_SK_DEFER_SETUP is set in
the flags, sco_sock_recvmsg() returns early with 0 without updating the
possibly set msg_namelen member. This, in turn, leads to a 128 byte
kernel stack leak in net/socket.c.

Fix this by updating msg_namelen in this case. For all other cases it
will be handled in bt_sock_recvmsg().

Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-07 16:28:01 -04:00
..
bnep
cmtp
hidp
rfcomm Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() 2013-04-07 16:28:00 -04:00
a2mp.c
af_bluetooth.c Bluetooth: fix possible info leak in bt_sock_recvmsg() 2013-04-07 16:28:00 -04:00
amp.c
hci_conn.c Bluetooth: Fix hci_conn timeout routine 2013-01-31 15:38:02 -02:00
hci_core.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-02-21 17:40:58 -08:00
hci_event.c Bluetooth: Remove unneeded locking 2013-02-01 15:50:18 -02:00
hci_sock.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
hci_sysfs.c
Kconfig
l2cap_core.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2013-01-30 14:21:04 -05:00
l2cap_sock.c
lib.c
Makefile
mgmt.c Bluetooth: Refactor mgmt_pending_foreach 2013-02-01 15:50:18 -02:00
sco.c Bluetooth: SCO - Fix missing msg_namelen update in sco_sock_recvmsg() 2013-04-07 16:28:01 -04:00
smp.c Bluetooth: Fix handling of unexpected SMP PDUs 2013-01-31 15:35:42 -02:00