linux/net/bluetooth/rfcomm
Mathias Krause e11e0455c0 Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg()
If RFCOMM_DEFER_SETUP is set in the flags, rfcomm_sock_recvmsg() returns
early with 0 without updating the possibly set msg_namelen member. This,
in turn, leads to a 128 byte kernel stack leak in net/socket.c.

Fix this by updating msg_namelen in this case. For all other cases it
will be handled in bt_sock_stream_recvmsg().

Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-07 16:28:00 -04:00
..
core.c net: remove redundant check for timer pending state before del_timer 2013-02-04 13:26:49 -05:00
Kconfig tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
Makefile
sock.c Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() 2013-04-07 16:28:00 -04:00
tty.c TTY: switch tty_flip_buffer_push 2013-01-15 22:30:15 -08:00