lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <167113921758.15811.17067027797406608637.git-patchwork-notify@kernel.org>
Date:   Thu, 15 Dec 2022 21:20:17 +0000
From:   patchwork-bot+bluetooth@...nel.org
To:     Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
Cc:     harshit.m.mogalapalli@...il.com, error27@...il.com,
        darren.kenny@...cle.com, marcel@...tmann.org,
        johan.hedberg@...il.com, luiz.dentz@...il.com, davem@...emloft.net,
        edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
        brian.gix@...el.com, linux-bluetooth@...r.kernel.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Bluetooth: Fix a buffer overflow in mgmt_mesh_add()

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@...el.com>:

On Mon, 12 Dec 2022 05:08:28 -0800 you wrote:
> Smatch Warning:
> net/bluetooth/mgmt_util.c:375 mgmt_mesh_add() error: __memcpy()
> 'mesh_tx->param' too small (48 vs 50)
> 
> Analysis:
> 
> 'mesh_tx->param' is array of size 48. This is the destination.
> u8 param[sizeof(struct mgmt_cp_mesh_send) + 29]; // 19 + 29 = 48.
> 
> [...]

Here is the summary with links:
  - Bluetooth: Fix a buffer overflow in mgmt_mesh_add()
    https://git.kernel.org/bluetooth/bluetooth-next/c/becee9f3220c

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ