Re: [PATCH] Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
From: Marcel Holtmann
Date: Thu Aug 05 2021 - 09:06:40 EST

Hi Colin,

> An earlier commit replaced using batostr with using %pMR sprintf for the
> construction of session->name. Static analysis detected that this new
> method can use a total of 21 characters (including the trailing '\0')
> so we need to increase the BTNAMSIZ from 18 to 21 to fix potential
> buffer overflows.
>
> Addresses-Coverity: ("Out-of-bounds write")
> Fixes: fcb73338ed53 ("Bluetooth: Use %pMR in sprintf/seq_printf instead of batostr")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> ---
> net/bluetooth/cmtp/cmtp.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

patch has been applied to bluetooth-next tree.

Regards
Marcel
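
The quoted commit message describes an unbounded sprintf into a fixed-size name buffer. As an added example (not code from the patch or from the kernel tree), here is a userspace sketch of bounded formatting that refuses to write past the buffer whatever the size constant is. The helper names are hypothetical, the address bytes are constructed, and the format string is a userspace stand-in for the kernel's %pMR, which prints the six address bytes in reverse order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BTNAMSIZ 21 /* size after the patch, taken from the commit message */

/*
 * Userspace stand-in for "%pMR": six address bytes, reverse order,
 * colon separated. Returns the number of characters the full string
 * needs (excluding the trailing '\0'), as snprintf() does. When
 * dstsz > 0 the output is always NUL-terminated, even if truncated.
 */
static int format_session_name(char *dst, size_t dstsz, const uint8_t addr[6])
{
    return snprintf(dst, dstsz, "%02x:%02x:%02x:%02x:%02x:%02x",
                    addr[5], addr[4], addr[3], addr[2], addr[1], addr[0]);
}

/*
 * Hypothetical wrapper: returns 0 when the whole name fits in dst,
 * -1 when it was truncated or formatting failed. It never writes
 * more than dstsz bytes, so a wrong size constant shows up as an
 * error return instead of an out-of-bounds write.
 */
static int set_session_name(char *dst, size_t dstsz, const uint8_t addr[6])
{
    int need = format_session_name(dst, dstsz, addr);

    if (need < 0 || (size_t)need >= dstsz)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample address, not taken from the page. */
    const uint8_t addr[6] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
    char name[BTNAMSIZ];
    char small[8]; /* deliberately too small, to show the failure path */

    printf("fits: %d (%s)\n", set_session_name(name, sizeof(name), addr), name);
    printf("too small: %d (%s)\n", set_session_name(small, sizeof(small), addr), small);
    return 0;
}
```

In kernel code the equivalent pattern is snprintf() or scnprintf() with sizeof() of the destination, so the bound follows the buffer declaration.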