Vasiliy Kulikov 794cf45690 Bluetooth: bnep: fix buffer overflow ... commit 43629f8f5e upstream. Struct ca is copied from userspace. It is not checked whether the "device" field is NULL terminated. This potentially leads to BUG() inside of alloc_netdev_mqs() and/or information leak by creating a device with a name made of contents of kernel stack. Signed-off-by: Vasiliy Kulikov <segoon@openwall.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Andi Kleen <ak@linux.intel.com>		2011-04-28 08:20:55 -07:00
..
bnep	Bluetooth: bnep: fix buffer overflow	2011-04-28 08:20:55 -07:00
cmtp	net: sk_sleep() helper	2010-04-20 16:37:13 -07:00
hidp	net: sk_sleep() helper	2010-04-20 16:37:13 -07:00
rfcomm	net: Remove unnecessary returns from void function()s	2010-05-17 23:23:14 -07:00
af_bluetooth.c	net: sk_sleep() helper	2010-04-20 16:37:13 -07:00
hci_conn.c	Bluetooth: Update sec_level/auth_type for already existing connections	2010-07-08 20:35:31 -03:00
hci_core.c	net: Remove unnecessary returns from void function()s	2010-05-17 23:23:14 -07:00
hci_event.c	Bluetooth: Reset the security level after an authentication failure	2010-07-08 20:35:27 -03:00
hci_sock.c	Bluetooth: Fix out of scope variable access in hci_sock_cmsg()	2010-02-28 00:47:30 -08:00
hci_sysfs.c	Bluetooth: Use strict_strtoul instead of simple_strtoul	2010-05-10 09:34:04 +02:00
Kconfig	Bluetooth: Add Kconfig option for L2CAP Extended Features	2010-05-10 09:28:51 +02:00
l2cap.c	Bluetooth: Check L2CAP pending status before sending connect request	2010-07-08 20:35:23 -03:00
lib.c	[NET] BLUETOOTH: Fix whitespace errors.	2007-02-10 23:19:20 -08:00
Makefile	Linux-2.6.12-rc2	2005-04-16 15:20:36 -07:00
sco.c	Bluetooth: sco: fix information leak to userspace	2011-04-28 08:20:55 -07:00