system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-09 12:46:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
8d5c8e21c6
freebsd-src/sys/netgraph/bluetooth
History
Mark Johnston 7f7b4926a7 ng_hci: Add sockaddr validation to sendto() 
ng_btsocket_hci_raw_send() wasn't verifying that the destination address
specified by sendto() is large enough to fill a struct sockaddr_hci.
Thus, when copying the socket address into an mbuf,
ng_btsocket_hci_raw_send() may read past the end of the input sockaddr
while copying.

In practice this is effectively harmless since
ng_btsocket_hci_raw_output() only uses the address to identify a
netgraph node.

Reported by:	Oliver Sieber <oliver@secfault-security.com>
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2024-04-22 11:48:00 -04:00
..
common sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
drivers sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
hci sys: Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:17 -06:00
include sockets: don't malloc/free sockaddr memory on getpeername/getsockname 2023-11-30 08:31:10 -08:00
l2cap sys: Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:17 -06:00
socket ng_hci: Add sockaddr validation to sendto() 2024-04-22 11:48:00 -04:00