OSDN Git Service
(root)
/
linux-kernel-docs
/
linux-2.4.36.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
51addbe
)
[PATCH] Bluetooth: correct fix for CVE-2007-1353
author
Willy Tarreau
<w@1wt.eu>
Wed, 6 Jun 2007 05:50:57 +0000
(07:50 +0200)
committer
Willy Tarreau
<w@1wt.eu>
Wed, 6 Jun 2007 05:50:57 +0000
(07:50 +0200)
Marcel Holtmann notified me that my previous fix for CVE-2007-1353
was wrong because of a stupid memcpy() with unchecked length, which
indeed made it worse than the original bug. Next time I'll be more
careful with copy-pasting !
net/bluetooth/hci_sock.c
patch
|
blob
|
history
diff --git
a/net/bluetooth/hci_sock.c
b/net/bluetooth/hci_sock.c
index
8ececee
..
b66daa9
100644
(file)
--- a/
net/bluetooth/hci_sock.c
+++ b/
net/bluetooth/hci_sock.c
@@
-469,7
+469,7
@@
int hci_sock_setsockopt(struct socket *sock, int level, int optname, char *optva
break;
case HCI_FILTER:
- memcpy(&flt, &hci_pi(sk)->filter,
len
);
+ memcpy(&flt, &hci_pi(sk)->filter,
sizeof(flt)
);
len = MIN(len, sizeof(struct hci_filter));
if (copy_from_user(&flt, optval, len)) {
OSDN Git Service
