Bluetooth: stop proccessing malicious adv data - kernel

diff options

author	Pavel Skripkin <[email protected]>	2021-11-01 07:12:12 +0000
committer	Marcel Holtmann <[email protected]>	2021-11-16 12:59:20 +0000
commit	3a56ef719f0b9682afb8a86d64b2399e36faa4e6 (patch)
tree	c3e6b7d83ea115d0fad007d36fdf3691aec1e071 /net/bluetooth/hci_request.c
parent	Bluetooth: hci_h4: Fix padding calculation error within h4_recv_buf() (diff)
download	kernel-3a56ef719f0b9682afb8a86d64b2399e36faa4e6.tar.gz kernel-3a56ef719f0b9682afb8a86d64b2399e36faa4e6.zip

Bluetooth: stop proccessing malicious adv data

Syzbot reported slab-out-of-bounds read in hci_le_adv_report_evt(). The problem was in missing validaion check. We should check if data is not malicious and we can read next data block. If we won't check ptr validness, code can read a way beyond skb->end and it can cause problems, of course. Fixes: e95beb414168 ("Bluetooth: hci_le_adv_report_evt code refactoring") Reported-and-tested-by: [email protected] Signed-off-by: Pavel Skripkin <[email protected]> Signed-off-by: Marcel Holtmann <[email protected]>

Diffstat (limited to 'net/bluetooth/hci_request.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: