Message ID | 20171213042407.14664-2-po-hsu.lin@canonical.com |
---|---|
State | New |
Headers | show |
Series | Fix for CVE-2017-15868 | expand |
On 13.12.2017 05:24, Po-Hsu Lin wrote: > From: Al Viro <viro@zeniv.linux.org.uk> > > CVE-2017-15868 > > same story as cmtp > > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> > Signed-off-by: Marcel Holtmann <marcel@holtmann.org> > (cherry picked from commit 71bb99a02b32b4cc4265118e85f6035ca72923f0) > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- > net/bluetooth/bnep/core.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c > index a841d3e..c7a19a1 100644 > --- a/net/bluetooth/bnep/core.c > +++ b/net/bluetooth/bnep/core.c > @@ -533,6 +533,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock) > > BT_DBG(""); > > + if (!l2cap_is_socket(sock)) > + return -EBADFD; > + > baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst); > baswap((void *) src, &l2cap_pi(sock->sk)->chan->src); > >
On 13/12/17 04:24, Po-Hsu Lin wrote: > From: Al Viro <viro@zeniv.linux.org.uk> > > CVE-2017-15868 > > same story as cmtp > > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> > Signed-off-by: Marcel Holtmann <marcel@holtmann.org> > (cherry picked from commit 71bb99a02b32b4cc4265118e85f6035ca72923f0) > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> > --- > net/bluetooth/bnep/core.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c > index a841d3e..c7a19a1 100644 > --- a/net/bluetooth/bnep/core.c > +++ b/net/bluetooth/bnep/core.c > @@ -533,6 +533,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock) > > BT_DBG(""); > > + if (!l2cap_is_socket(sock)) > + return -EBADFD; > + > baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst); > baswap((void *) src, &l2cap_pi(sock->sk)->chan->src); > > Clean upstream cherry pick, makes sense. Acked-by: Colin Ian King <colin.king@canonical.com>
On 13.12.2017 05:24, Po-Hsu Lin wrote: > From: Al Viro <viro@zeniv.linux.org.uk> > > CVE-2017-15868 > > same story as cmtp > > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> > Signed-off-by: Marcel Holtmann <marcel@holtmann.org> > (cherry picked from commit 71bb99a02b32b4cc4265118e85f6035ca72923f0) > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> > --- > net/bluetooth/bnep/core.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c > index a841d3e..c7a19a1 100644 > --- a/net/bluetooth/bnep/core.c > +++ b/net/bluetooth/bnep/core.c > @@ -533,6 +533,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock) > > BT_DBG(""); > > + if (!l2cap_is_socket(sock)) > + return -EBADFD; > + > baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst); > baswap((void *) src, &l2cap_pi(sock->sk)->chan->src); > > Applied to trusty/master-next. Thanks.
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c index a841d3e..c7a19a1 100644 --- a/net/bluetooth/bnep/core.c +++ b/net/bluetooth/bnep/core.c @@ -533,6 +533,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock) BT_DBG(""); + if (!l2cap_is_socket(sock)) + return -EBADFD; + baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst); baswap((void *) src, &l2cap_pi(sock->sk)->chan->src);