Bluetooth: Add sockaddr length checks before accessing sa_family in bind and connect handlers
Verify that the caller-provided sockaddr structure is large enough to contain the sa_family field, before accessing it in bind() and connect() handlers of the Bluetooth sockets. Since neither syscall enforces a minimum size of the corresponding memory region, very short sockaddrs (zero or one byte long) result in operating on uninitialized memory while referencing sa_family. Signed-off-by: NMateusz Jurczyk <mjurczyk@google.com> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
Showing
想要评论请 注册 或 登录