Return-Path:
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Subject: Re: [PATCH v2] Bluetooth: Prevent buffer overflow for large advertisement data
From: Marcel Holtmann
In-Reply-To: <1524210384-19845-1-git-send-email-chriz.chow@aminocom.com>
Date: Mon, 23 Apr 2018 19:58:43 +0200
Cc: Johan Hedberg , BlueZ development , Szymon Janc , Chriz Chow
Message-Id: <6CA9D034-6A25-4D8C-80F1-A147FC94351F@holtmann.org>
References: <1646173.KpzMEjoeCb@ix> <1524210384-19845-1-git-send-email-chriz.chow@aminocom.com>
To: Chriz Chow
Sender: linux-bluetooth-owner@vger.kernel.org
List-ID:

Hi Chriz,

> There are some controllers sending out advertising data with illegal
> length value which is longer than HCI_MAX_AD_LENGTH, causing the
> buffer last_adv_data overflows. To avoid these controllers from
> overflowing the buffer, we do not process the advertisement data
> if its length is incorrect.
>
> Signed-off-by: Chriz Chow
> ---
>  net/bluetooth/hci_event.c | 12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel
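
The check the commit message describes, as an added example that is not part of this thread, the patch or the kernel source: a user-space C walk over an LE Advertising Report event that skips any report whose length exceeds HCI_MAX_AD_LENGTH instead of copying it into last_adv_data. The struct, the function name process_adv_reports, the per-report layout and the value 31 are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HCI_MAX_AD_LENGTH 31 /* assumed value: legacy advertising data limit */

/* Hypothetical stand-in for the cached report; not the kernel's structure. */
struct adv_cache {
    uint8_t last_adv_data[HCI_MAX_AD_LENGTH];
    uint8_t last_adv_data_len;
    int8_t  last_adv_rssi;
};

/* Event body after the subevent code: num_reports, then per report
 * evt_type(1) addr_type(1) addr(6) data_len(1) data[data_len] rssi(1).
 * Returns reports cached, or -1 on truncation; oversized reports are skipped. */
int process_adv_reports(const uint8_t *buf, size_t len, struct adv_cache *c)
{
    size_t off = 1;
    int stored = 0;

    if (len < 1)
        return -1;
    for (uint8_t i = 0; i < buf[0]; i++) {
        if (len - off < 9)                        /* fixed part of one report */
            return -1;
        uint8_t data_len = buf[off + 8];
        if (len - off - 9 < (size_t)data_len + 1) /* data and rssi must be present */
            return -1;
        const uint8_t *data = buf + off + 9;
        off += 9 + (size_t)data_len + 1;          /* advance even when skipping */
        if (data_len > HCI_MAX_AD_LENGTH)
            continue;                             /* illegal length: do not process */
        memcpy(c->last_adv_data, data, data_len);
        c->last_adv_data_len = data_len;
        c->last_adv_rssi = (int8_t)data[data_len];
        stored++;
    }
    return stored;
}

int main(void)
{
    /* Constructed sample: one report, data_len = 40 (> 31), zero-filled. */
    uint8_t pkt[1 + 9 + 40 + 1] = { 1 };
    struct adv_cache c = { {0}, 0, 0 };
    pkt[9] = 40;
    return process_adv_reports(pkt, sizeof(pkt), &c) == 0 ? 0 : 1;
}
```

The length is checked twice on purpose: once against the bytes actually received, so the walk never reads past the packet, and once against the destination buffer size, so the copy never writes past last_adv_data.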