-
由 Mateusz Jurczyk 提交于
Verify that the caller-provided sockaddr structure is large enough to contain the sa_family field, before accessing it in bind() and connect() handlers of the Bluetooth sockets. Since neither syscall enforces a minimum size of the corresponding memory region, very short sockaddrs (zero or one byte long) result in operating on uninitialized memory while referencing sa_family. Signed-off-by: NMateusz Jurczyk <mjurczyk@google.com> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
d2ecfa76