Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 43629f8f authored by Vasiliy Kulikov's avatar Vasiliy Kulikov Committed by Gustavo F. Padovan
Browse files

Bluetooth: bnep: fix buffer overflow 



Struct ca is copied from userspace.  It is not checked whether the "device"
field is NULL terminated.  This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.

Signed-off-by: default avatarVasiliy Kulikov <segoon@openwall.com>
Signed-off-by: default avatarGustavo F. Padovan <padovan@profusion.mobi>
parent d9f51b51
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment