ACK / APPLIED[D]: [SRU] [T/X/B/C/D] [PATCH 0/1] CVE-2019-3459 - Heap address infoleak in use of l2cap_get_conf_opt
Seth Forshee
seth.forshee at canonical.com
Wed Feb 20 11:25:09 UTC 2019
On Tue, Feb 19, 2019 at 06:48:55PM +0800, Kai-Heng Feng wrote:
> Heap data infoleak in multiple locations including
> functionl2cap_parse_conf_rsp
>
> The fix itself is quite trivial, quote the commit message:
> "To prevent any potential leak of heap memory, it is enough to check
> that the resulting len calculation after calling l2cap_get_conf_opt is
> not below zero. A well formed packet will always return >= 0 here and
> will end with the length value being zero after the last option has been
> parsed. In case of malformed packets messing with the opt->len field the
> length value will become negative. If that is the case, then just abort
> and ignore the option."
Looks reasonable.
Acked-by: Seth Forshee <seth.forshee at canonical.com>
Applied to disco/master-next and unstable/master, thanks!
More information about the kernel-team
mailing list