| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <B3E07F67-11A7-4E96-B59D-2FE6D48BB538@holtmann.org>
Date: Thu, 5 Aug 2021 15:06:32 +0200
From: Marcel Holtmann <marcel@...tmann.org>
To: Colin King <colin.king@...onical.com>
Cc: Karsten Keil <isdn@...ux-pingi.de>,
Johan Hedberg <johan.hedberg@...il.com>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Andrei Emeltchenko <andrei.emeltchenko@...el.com>,
Gustavo Padovan <gustavo.padovan@...labora.co.uk>,
"open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>,
BlueZ <linux-bluetooth@...r.kernel.org>,
kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Bluetooth: increase BTNAMSIZ to 21 chars to fix potential
buffer overflow
Hi Colin,
> An earlier commit replaced using batostr to using %pMR sprintf for the
> construction of session->name. Static analysis detected that this new
> method can use a total of 21 characters (including the trailing '\0')
> so we need to increase the BTNAMSIZ from 18 to 21 to fix potential
> buffer overflows.
>
> Addresses-Coverity: ("Out-of-bounds write")
> Fixes: fcb73338ed53 ("Bluetooth: Use %pMR in sprintf/seq_printf instead of batostr")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
> net/bluetooth/cmtp/cmtp.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
patch has been applied to bluetooth-next tree.
Regards
Marcel
Powered by blists - more mailing lists