linux-stable/net/bluetooth
Itay Iellin 45c05171d6 Bluetooth: Fix the creation of hdev->name
commit 103a2f3255 upstream.

Set a size limit of 8 bytes of the written buffer to "hdev->name"
including the terminating null byte, as the size of "hdev->name" is 8
bytes. If an id value which is greater than 9999 is allocated,
then the "snprintf(hdev->name, sizeof(hdev->name), "hci%d", id)"
function call would lead to a truncation of the id value in decimal
notation.

Set an explicit maximum id parameter in the id allocation function call.
The id allocation function defines the maximum allocated id value as the
maximum id parameter value minus one. Therefore, HCI_MAX_ID is defined
as 10000.

Signed-off-by: Itay Iellin <ieitayie@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-05-15 19:54:47 +02:00
bnep
cmtp Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails 2022-01-27 09:19:29 +01:00
hidp Bluetooth: hidp: use correct wait queue when removing ctrl_wait 2021-08-26 08:36:15 -04:00
rfcomm Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl 2020-04-13 10:48:13 +02:00
6lowpan.c Bluetooth: add a mutex lock to avoid UAF in do_enale_set 2020-08-19 08:15:59 +02:00
a2mp.c Bluetooth: drop HCI device reference before return 2021-03-04 10:26:14 +01:00
a2mp.h
af_bluetooth.c net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
amp.c Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data 2021-03-07 12:20:45 +01:00
amp.h
ecdh_helper.c
ecdh_helper.h Fix misc new gcc warnings 2021-05-11 14:04:16 +02:00
hci_conn.c Bluetooth: Disconnect if E0 is used for Level 4 2020-10-17 10:11:22 +02:00
hci_core.c Bluetooth: Fix the creation of hdev->name 2022-05-15 19:54:47 +02:00
hci_debugfs.c Bluetooth: Add debug setting for changing minimum encryption key size 2019-08-17 13:54:40 +03:00
hci_debugfs.h
hci_event.c Bluetooth: Fix use after free in hci_send_acl 2022-04-15 14:18:34 +02:00
hci_request.c bluetooth: eliminate the potential race condition when removing the HCI controller 2021-05-14 09:44:10 +02:00
hci_request.h Bluetooth: Use controller sets when available 2019-07-06 15:38:18 +02:00
hci_sock.c Bluetooth: defer cleanup of resources in hci_unregister_dev() 2021-08-12 13:20:58 +02:00
hci_sysfs.c Bluetooth: defer cleanup of resources in hci_unregister_dev() 2021-08-12 13:20:58 +02:00
Kconfig bluetooth: switch to AES library 2019-07-26 14:58:12 +10:00
l2cap_core.c Bluetooth: initialize skb_queue_head at l2cap_chan_create() 2021-05-19 10:08:21 +02:00
l2cap_sock.c Bluetooth: fix use-after-free error in lock_sock_nested() 2021-11-17 09:48:27 +01:00
leds.c
leds.h
lib.c
Makefile
mgmt.c Bluetooth: Fix the HCI to MGMT status conversion table 2021-07-19 08:53:13 +02:00
mgmt_util.c
mgmt_util.h
sco.c Bluetooth: fix init and cleanup of sco_conn.timeout_work 2021-11-17 09:48:33 +01:00
selftest.c
selftest.h
smp.c Bluetooth: SMP: Fail if remote and local public keys are identical 2021-05-26 12:05:21 +02:00
smp.h