upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-20 16:30:53 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/netgraph/bluetooth
History
Mark Johnston 28fcfebdaf ng_hci: Add sockaddr validation to sendto() 
ng_btsocket_hci_raw_send() wasn't verifying that the destination address
specified by sendto() is large enough to fill a struct sockaddr_hci.
Thus, when copying the socket address into an mbuf,
ng_btsocket_hci_raw_send() may read past the end of the input sockaddr
while copying.

In practice this is effectively harmless since
ng_btsocket_hci_raw_output() only uses the address to identify a
netgraph node.

Reported by:	Oliver Sieber <oliver@secfault-security.com>
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 7f7b4926a779845116913c85ecbb10527daeab02)
2024-04-29 10:11:07 -04:00
..
common sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
drivers sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
hci sys: Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:17 -06:00
include sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
l2cap sys: Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:17 -06:00
socket ng_hci: Add sockaddr validation to sendto() 2024-04-29 10:11:07 -04:00