iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/bluetooth/cmtp
History
Colin Ian King 7c779102f3 Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow 
[ Upstream commit 713baf3dae8f45dc8ada4ed2f5fdcbf94a5c274d ]

An earlier commit replaced using batostr to using %pMR sprintf for the
construction of session->name. Static analysis detected that this new
method can use a total of 21 characters (including the trailing '\0')
so we need to increase the BTNAMSIZ from 18 to 21 to fix potential
buffer overflows.

Addresses-Coverity: ("Out-of-bounds write")
Fixes: fcb73338ed53 ("Bluetooth: Use %pMR in sprintf/seq_printf instead of batostr")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-22 11:43:00 +02:00
..
capi.c
Bluetooth: use list_for_each_entry*
2015-12-20 08:11:10 +01:00
cmtp.h
Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
2021-09-22 11:43:00 +02:00
core.c
Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
2021-06-03 08:23:30 +02:00
Kconfig
Bluetooth: Introduce BT_BREDR and BT_LE config options
2014-11-02 10:01:53 +02:00
Makefile
sock.c
net: Pass kern from net_proto_family.create to sk_alloc
2015-05-11 10:50:17 -04:00