NFC: Prevent multiple buffer overflows in NCI
author Dan Rosenberg <dan.j.rosenberg@gmail.com>
Mon, 25 Jun 2012 14:05:27 +0000 (16:05 +0200)
committer Ben Hutchings <ben@decadent.org.uk>
Thu, 12 Jul 2012 03:32:01 +0000 (04:32 +0100)
commit ec5b2b02eedb2c3471d5a87ba0f72d11b04c2af1
tree aa7124a871598918154cf963c597e29b0d2cfc3f
parent a49edd1239c7940218aad7366d0dbd5a61bae556
NFC: Prevent multiple buffer overflows in NCI

commit 67de956ff5dc1d4f321e16cfbd63f5be3b691b43 upstream.

Fix multiple remotely-exploitable stack-based buffer overflows due to
the NCI code pulling length fields directly from incoming frames and
copying too much data into statically-sized arrays.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Cc: security@kernel.org
Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org>
Cc: Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
Cc: Samuel Ortiz <sameo@linux.intel.com>
Cc: David S. Miller <davem@davemloft.net>
Acked-by: Ilan Elias <ilane@ti.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
[bwh: Backported to 3.2:
 - Drop changes to parsing of tech B and tech F parameters
 - Various renaming]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
net/nfc/nci/ntf.c
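
The bug class the commit message describes, as an added user-space example (not code from this commit or from the kernel tree): a one-byte length field read from an untrusted frame is validated against both the fixed-size destination array and the bytes actually received before anything is copied. The frame layout, `ID_MAXSIZE`, `struct tag_params` and `parse_tag_params` are hypothetical names chosen for illustration; rejecting the frame is one possible policy, and the page does not show which one the commit uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ID_MAXSIZE 10   /* hypothetical capacity of the destination array */

/* Hypothetical parsed record; not a kernel structure. */
struct tag_params {
    uint8_t id_len;
    uint8_t id[ID_MAXSIZE];
};

/*
 * Parse a constructed "<len:1><id:len>" record from an untrusted frame.
 * Returns 0 on success, -1 if the frame is empty, the declared length
 * exceeds the destination array, or the frame is shorter than declared.
 */
int parse_tag_params(const uint8_t *frame, size_t frame_len,
                     struct tag_params *out)
{
    uint8_t declared;

    if (frame_len < 1)
        return -1;
    declared = frame[0];

    /* Check 1: the sender-controlled length must fit the fixed-size array.
     * Without this, memcpy() below writes past out->id. */
    if (declared > sizeof(out->id))
        return -1;

    /* Check 2: the frame must really contain that many bytes.
     * Without this, memcpy() below reads past the received buffer. */
    if ((size_t)declared > frame_len - 1)
        return -1;

    out->id_len = declared;
    memcpy(out->id, frame + 1, declared);
    return 0;
}
```
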