forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net
History
Anderson Lizardo 95675e4004 Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() 
commit 0a9ab9bdb3 upstream.

The length parameter should be sizeof(req->name) - 1 because there is no
guarantee that string provided by userspace will contain the trailing
'\0'.

Can be easily reproduced by manually setting req->name to 128 non-zero
bytes prior to ioctl(HIDPCONNADD) and checking the device name setup on
input subsystem:

$ cat /sys/devices/pnp0/00\:04/tty/ttyS0/hci0/hci0\:1/input8/name
AAAAAA[...]AAAAAAAAf0:af:f0:af:f0:af

("f0:af:f0:af:f0:af" is the device bluetooth address, taken from "phys"
field in struct hid_device due to overflow.)

Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-02-03 18:21:37 -06:00
..
9p net/9p: Fix kernel crash with msize 512K 2011-10-03 11:40:22 -07:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q 8021q: fix mac_len recomputation in vlan_untag() 2012-10-13 05:28:06 +09:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm atm: fix info leak via getsockname() 2012-10-02 09:47:06 -07:00
ax25 net ax25: Reorder ax25_exit to remove races. 2012-04-27 09:51:21 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
bluetooth Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() 2013-02-03 18:21:37 -06:00
bridge rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
caif caif: Fix access to freed pernet memory 2012-08-09 08:27:51 -07:00
can can: bcm: initialize ifindex for timeouts without previous frame reception 2012-12-03 12:59:14 -08:00
ceph ceph: fix file mode calculation 2011-07-19 11:25:04 -07:00
core rtnetlink: fix rtnl_calcit() and rtnl_dump_ifinfo() 2013-01-17 08:43:58 -08:00
dcb rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
dccp dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO) 2012-10-02 09:47:21 -07:00
decnet rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
econet econet: Fix set-but-unused variable. 2011-04-17 00:15:22 -07:00
ethernet net: add IFF_SKB_TX_SHARED flag to priv_flags 2011-08-15 18:31:38 -07:00
ieee802154 ieee802154: Don't leak memory in ieee802154_nl_fill_phy 2011-06-13 18:03:22 -04:00
ipv4 rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
ipv6 rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: iriap: Use seperate lockdep class for irias_objects->hb_spinlock 2011-06-06 17:00:35 -07:00
iucv [S390] irq: merge irq.c and s390_ext.c 2011-05-26 09:48:24 +02:00
key net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
l2tp l2tp: fix oops in l2tp_eth_create() error path 2012-11-17 13:14:25 -08:00
lapb
llc llc: fix info leak via getsockname() 2012-10-02 09:47:21 -07:00
mac80211 mac80211: use del_timer_sync for final sta cleanup timer deletion 2013-01-17 08:44:09 -08:00
netfilter rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
netlabel Remove prefetch() from <linux/skbuff.h> and "netlabel_addrlist.h" 2011-05-22 21:43:41 -07:00
netlink rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
netrom netrom: copy_datagram_iovec can fail 2012-10-13 05:28:08 +09:00
packet af_packet: remove BUG statement in tpacket_destruct_skb 2012-10-02 09:47:05 -07:00
phonet rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
rds RDS: fix rds-ping spinlock recursion 2012-10-28 10:02:13 -07:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose rose_dev: fix memcpy-bug in rose_set_mac_address 2012-04-13 08:14:05 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
sctp sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall 2013-01-11 09:03:35 -08:00
sunrpc SUNRPC: Ensure that we free the rpc_task after cleanups are done 2013-01-17 08:43:55 -08:00
tipc tipc: Revise timings used when sending link request messages 2011-05-10 16:04:02 -04:00
unix net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
wanrouter wanmain: comparing array with NULL 2012-08-09 08:27:52 -07:00
wimax
wireless wireless: allow 40 MHz on world roaming channels 12/13 2012-11-26 11:34:35 -08:00
x25 x25: Prevent skb overreads when checking call user data 2011-10-25 07:10:17 +02:00
xfrm rtnetlink: Compute and store minimum ifinfo dump size 2013-01-17 08:43:58 -08:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig bpf: depends on MODULES 2011-04-29 10:20:53 -07:00
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c net: fix info leak in compat dev_ifconf() 2012-10-02 09:47:22 -07:00
sysctl_net.c
TUNABLE