lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Dec 2014 06:20:58 +0000 From: Al Viro <viro@...IV.linux.org.uk> To: David Miller <davem@...emloft.net> Cc: Marcel Holtmann <marcel@...tmann.org>, netdev@...r.kernel.org, linux-bluetooth@...r.kernel.org Subject: [PATCH 2/3] cmtp: cmtp_add_connection() should verify that it's dealing with l2cap socket From: Al Viro <viro@...iv.linux.org.uk> ... rather than relying on ciptool(8) never passing it anything else. Give it e.g. an AF_UNIX connected socket (from socketpair(2)) and it'll oops, trying to evaluate &l2cap_pi(sock->sk)->chan->dst... Signed-off-by: Al Viro <viro@...iv.linux.org.uk> --- net/bluetooth/cmtp/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c index 67fe5e8..fd57db8 100644 --- a/net/bluetooth/cmtp/core.c +++ b/net/bluetooth/cmtp/core.c @@ -333,6 +333,8 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock) int i, err; BT_DBG(""); + if (!l2cap_is_socket(sock)) + return -EBADFD; session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL); if (!session) -- 2.1.3 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists