Bluetooth: Potential buffer overflow with Add Advertising |
||
Issue description
Upstream commit 6a0e78072c2ae:
Bluetooth: Fix potential buffer overflow with Add Advertising
The Add Advertising command handler does the appropriate checks for
the AD and Scan Response data, however fails to take into account the
general length of the mgmt command itself, which could lead to
potential buffer overflows. This patch adds the necessary check that
the mgmt command length is consistent with the given ad and scan_rsp
lengths.
Affects chromeos-4.4.
,
Jun 1 2016
|
||
►
Sign in to add a comment |
||
Comment 1 by bugdroid1@chromium.org
, Jun 1 2016