From: Vasiliy Kulikov <segoon@openwall.com>
Date: Mon, 14 Feb 2011 10:54:31 +0000 (+0300)
Subject: Bluetooth: bnep: fix buffer overflow
X-Git-Tag: v2.6.39-rc1~468^2~238^2^2~45^2~28
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43629f8f5ea32a998d06d1bb41eefa0e821ff573;p=pandora-kernel.git

Bluetooth: bnep: fix buffer overflow

Struct ca is copied from userspace.  It is not checked whether the "device"
field is NULL terminated.  This potentially leads to BUG() inside of
alloc_netdev_mqs() and/or information leak by creating a device with a name
made of contents of kernel stack.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---

Reading git-diff-tree failed