linux/net/bluetooth
Anderson Lizardo 0a9ab9bdb3 Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
The length parameter should be sizeof(req->name) - 1 because there is no
guarantee that the string provided by userspace will contain the trailing
'\0'.

Can be easily reproduced by manually setting req->name to 128 non-zero
bytes prior to ioctl(HIDPCONNADD) and checking the device name setup on
input subsystem:

$ cat /sys/devices/pnp0/00\:04/tty/ttyS0/hci0/hci0\:1/input8/name
AAAAAA[...]AAAAAAAAf0:af:f0:af:f0:af

("f0:af:f0:af:f0:af" is the device Bluetooth address, taken from the "phys"
field in struct hid_device due to overflow.)

Cc: stable@vger.kernel.org
Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-01-09 17:39:05 -02:00
bnep Bluetooth: Remove unnecessary include export.h 2012-11-01 20:27:04 -02:00
cmtp Bluetooth: Replace include linux/module.h with linux/export.h 2012-10-24 00:44:05 -02:00
hidp Bluetooth: Fix incorrect strncpy() in hidp_setup_hid() 2013-01-09 17:39:05 -02:00
rfcomm Bluetooth: Add missing lock nesting notation 2012-12-03 15:59:10 -02:00
a2mp.c Bluetooth: Rename ctrl_id to remote_amp_id 2012-11-01 20:27:11 -02:00
af_bluetooth.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2012-10-19 15:22:27 -04:00
amp.c Bluetooth: Set local_amp_id after getting Phylink Completed evt 2012-11-20 15:54:44 -02:00
hci_conn.c Bluetooth: Add put(hcon) when deleting hchan 2012-11-01 20:27:03 -02:00
hci_core.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2012-12-03 13:46:03 -05:00
hci_event.c Bluetooth: Fix sending HCI commands after reset 2013-01-09 17:05:14 -02:00
hci_sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-09-28 14:40:49 -04:00
hci_sysfs.c Bluetooth: Use %pMR in sprintf/seq_printf instead of batostr 2012-09-27 18:10:15 -03:00
Kconfig Bluetooth: trivial: Remove newline before EOF 2012-10-24 00:42:47 -02:00
l2cap_core.c Bluetooth: trivial: Change NO_FCS_RECV to RECV_NO_FCS 2012-12-03 16:00:01 -02:00
l2cap_sock.c Bluetooth: Start channel move when socket option is changed 2012-10-24 00:26:30 -02:00
lib.c bluetooth: Remove unneeded batostr function 2012-09-27 18:10:43 -03:00
Makefile Bluetooth: AMP: Use HCI cmd to Read Loc AMP Assoc 2012-09-27 17:10:32 -03:00
mgmt.c Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2012-12-03 13:46:03 -05:00
sco.c Revert "Bluetooth: Fix possible deadlock in SCO code" 2012-12-03 16:00:04 -02:00
smp.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2012-11-21 12:57:56 -05:00