From mboxrd@z Thu Jan  1 00:00:00 1970
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH 2/2] Bluetooth: check the buffer size for some messages
 before parsing
Date: Thu, 10 Jan 2019 07:30:13 +0100
Message-ID: <20190110063013.GD15047@kroah.com>
References: <20190110062833.GA15047@kroah.com>
 <20190110062917.GB15047@kroah.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org
To: Marcel Holtmann <marcel@holtmann.org>,
        Johan Hedberg <johan.hedberg@gmail.com>,
        Ran Menscher <ran.menscher@karambasecurity.com>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail.kernel.org ([198.145.29.99]:38114 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725536AbfAJGaR (ORCPT <rfc822;netdev@vger.kernel.org>);
        Thu, 10 Jan 2019 01:30:17 -0500
Content-Disposition: inline
In-Reply-To: <20190110062917.GB15047@kroah.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On Thu, Jan 10, 2019 at 07:29:17AM +0100, Greg Kroah-Hartman wrote:
> The L2CAP_CONF_EFS and L2CAP_CONF_RFC messages can be sent from
> userspace so their structure sizes need to be checked before parsing
> them.
> 
> Based on a patch from Ran Menscher.

Ran, can you verify if these two patches solve the problems you reported
or not?

thanks,

greg k-h