Bluetooth: hci_sock: fix slab oob read in create_monitor_event
commit 18f547f3fc074500ab5d419cf482240324e73a7e upstream. When accessing hdev->name, the actual string length should prevail Reported-by: syzbot+c90849c50ed209d77689@syzkaller.appspotmail.com Fixes: dcda165706b9 ("Bluetooth: hci_core: Fix build warnings") Signed-off-by: Edward AD <twuufnxlz@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
a0f0e43128
commit
4d161e18b1
@ -430,7 +430,7 @@ static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
|
|||||||
ni->type = hdev->dev_type;
|
ni->type = hdev->dev_type;
|
||||||
ni->bus = hdev->bus;
|
ni->bus = hdev->bus;
|
||||||
bacpy(&ni->bdaddr, &hdev->bdaddr);
|
bacpy(&ni->bdaddr, &hdev->bdaddr);
|
||||||
memcpy(ni->name, hdev->name, 8);
|
memcpy(ni->name, hdev->name, strlen(hdev->name));
|
||||||
|
|
||||||
opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
|
opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
|
||||||
break;
|
break;
|
||||||
|
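Review bot: The new length in `memcpy(ni->name, hdev->name, strlen(hdev->name));` is bounded only by the source string, so the copy is no longer capped at the size of `ni->name`. The removed line copied exactly 8 bytes, which suggests an 8-byte destination field, and a longer device name would now write past it. A short name also leaves the remaining bytes of `ni->name` unwritten; unless the buffer is zeroed where it is allocated, which is outside this hunk, stale heap contents would be delivered to monitor sockets. Bounding and padding in one call covers both cases: `memcpy_and_pad(ni->name, sizeof(ni->name), hdev->name, strnlen(hdev->name, sizeof(ni->name)), '\0');`. create_monitor_event starts and ends outside the hunk, so the allocation and the declaration of `ni` should be checked against this.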