mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/bluetooth
History
David Herrmann b3916db32c Bluetooth: hidp: verify l2cap sockets 
We need to verify that the given sockets actually are l2cap sockets. If
they aren't, we are not supposed to access bt_sk(sock) and we shouldn't
start the session if the offsets turn out to be valid local BT addresses.

That is, if someone passes a TCP socket to HIDCONNADD, then we access some
random offset in the TCP socket (which isn't even guaranteed to be valid).

Fix this by checking that the socket is an l2cap socket.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
 		2013-04-05 23:44:14 -03:00
..
bnep Bluetooth: discard bt_sock_unregister() errors 2013-03-08 10:38:44 -03:00
cmtp Bluetooth: discard bt_sock_unregister() errors 2013-03-08 10:38:44 -03:00
hidp Bluetooth: hidp: verify l2cap sockets 2013-04-05 23:44:14 -03:00
rfcomm Bluetooth: fix error return code in rfcomm_add_listener() 2013-03-20 14:17:52 -03:00
Kconfig Bluetooth: trivial: Remove newline before EOF 2012-10-24 00:42:47 -02:00
Makefile Bluetooth: AMP: Use HCI cmd to Read Loc AMP Assoc 2012-09-27 17:10:32 -03:00
a2mp.c Bluetooth: Replaced kzalloc and memcpy with kmemdup 2013-03-18 14:01:50 -03:00
af_bluetooth.c Bluetooth: change bt_sock_unregister() to return void 2013-03-08 10:38:44 -03:00
amp.c Bluetooth: AMP: Use set_bit / test_bit for amp_mgr state 2013-01-09 17:05:05 -02:00
hci_conn.c Bluetooth: Rename hci_acl_disconn 2013-03-08 10:38:43 -03:00
hci_core.c Bluetooth: Remove driver init queue from core 2013-04-04 19:28:25 +03:00
hci_event.c Bluetooth: Add support for custom event terminated commands 2013-04-04 19:16:08 +03:00
hci_sock.c Bluetooth: Fix stand-alone HCI command handling 2013-03-08 10:40:26 -03:00
hci_sysfs.c Bluetooth: Use PTR_RET function 2013-03-18 11:56:15 -03:00
l2cap_core.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2013-01-30 14:21:04 -05:00
l2cap_sock.c Bluetooth: hidp: verify l2cap sockets 2013-04-05 23:44:14 -03:00
lib.c bluetooth: Remove unneeded batostr function 2012-09-27 18:10:43 -03:00
mgmt.c Bluetooth: Fix PIN/Confirm/Passkey response parameters 2013-03-18 15:36:05 -03:00
sco.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2013-03-29 16:41:36 -04:00
smp.c Bluetooth: Fix handling of unexpected SMP PDUs 2013-01-31 15:35:42 -02:00