[CVE-2017-15868][Trusty][SRU][Patch 1/1] Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket
Po-Hsu Lin
po-hsu.lin at canonical.com
Wed Dec 13 04:24:07 UTC 2017
From: Al Viro <viro at zeniv.linux.org.uk>
CVE-2017-15868
same story as cmtp
Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
Signed-off-by: Marcel Holtmann <marcel at holtmann.org>
(cherry picked from commit 71bb99a02b32b4cc4265118e85f6035ca72923f0)
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
---
net/bluetooth/bnep/core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index a841d3e..c7a19a1 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -533,6 +533,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
BT_DBG("");
+ if (!l2cap_is_socket(sock))
+ return -EBADFD;
+
baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst);
baswap((void *) src, &l2cap_pi(sock->sk)->chan->src);
--
2.7.4
More information about the kernel-team
mailing list