Dan Rosenberg 2da16873a8 Bluetooth: Prevent buffer overflow in l2cap config request ... commit 7ac2881753 upstream. A remote user can provide a small value for the command size field in the command header of an l2cap configuration request, resulting in an integer underflow when subtracting the size of the configuration request header. This results in copying a very large amount of data via memcpy() and destroying the kernel heap. Check for underflow. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Willy Tarreau <w@1wt.eu>		2012-02-11 15:37:50 +01:00
..
bnep	Bluetooth: bnep: fix buffer overflow	2011-04-30 16:53:29 +02:00
cmtp	[BLUETOOTH]: Use sockfd_put()	2008-01-28 15:00:48 -08:00
hidp	bluetooth hid: enable quirk handling for Apple Wireless Keyboards in 2.6.27	2009-02-17 09:46:28 -08:00
rfcomm	[Bluetooth] Consolidate maintainers information	2008-08-18 13:23:53 +02:00
af_bluetooth.c	[Bluetooth] Reject L2CAP connections on an insecure ACL link	2008-09-09 07:19:20 +02:00
hci_conn.c	[Bluetooth] Reject L2CAP connections on an insecure ACL link	2008-09-09 07:19:20 +02:00
hci_core.c	[Bluetooth] Fix regression from using default link policy	2008-09-12 03:11:54 +02:00
hci_event.c	[Bluetooth] Fix reference counting during ACL config stage	2008-09-09 07:19:19 +02:00
hci_sock.c	[Bluetooth] Export details about authentication requirements	2008-07-14 20:13:50 +02:00
hci_sysfs.c	[Bluetooth] Fix userspace breakage due missing class links	2008-08-18 13:23:53 +02:00
Kconfig	[S390] Kconfig: unwanted menus for s390.	2007-05-10 15:46:07 +02:00
l2cap.c	Bluetooth: Prevent buffer overflow in l2cap config request	2012-02-11 15:37:50 +01:00
lib.c	[NET] BLUETOOTH: Fix whitespace errors.	2007-02-10 23:19:20 -08:00
Makefile	Linux-2.6.12-rc2	2005-04-16 15:20:36 -07:00
sco.c	Bluetooth: sco: fix information leak to userspace	2011-04-30 16:53:28 +02:00