| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Feb 2011 12:35:32 -0200 From: "Gustavo F. Padovan" <padovan@...fusion.mobi> To: Vasiliy Kulikov <segoon@...nwall.com> Cc: linux-kernel@...r.kernel.org, security@...nel.org, Marcel Holtmann <marcel@...tmann.org>, "David S. Miller" <davem@...emloft.net>, Tejun Heo <tj@...nel.org>, linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] bluetooth: bnep: fix buffer overflow Hi Vasiliy, * Vasiliy Kulikov <segoon@...nwall.com> [2011-02-14 13:54:31 +0300]: > Struct ca is copied from userspace. It is not checked whether the "device" > field is NULL terminated. This potentially leads to BUG() inside of > alloc_netdev_mqs() and/or information leak by creating a device with a name > made of contents of kernel stack. > > Signed-off-by: Vasiliy Kulikov <segoon@...nwall.com> > --- > Compile tested. > > net/bluetooth/bnep/sock.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) Applied, thanks. -- Gustavo F. Padovan http://profusion.mobi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists