Commit 3aa1dc3c authored by Kees Cook's avatar Kees Cook Committed by Luiz Augusto von Dentz
Browse files

Bluetooth: btintel: Check dsbr size from EFI variable 



Since the size of struct btintel_dsbr is already known, we can just
start there instead of querying the EFI variable size. If the final
result doesn't match what we expect also fail. This fixes a stack buffer
overflow when the EFI variable is larger than struct btintel_dsbr.

Reported-by: default avatarzepta <z3ptaa@gmail.com>
Closes: https://lore.kernel.org/all/CAPBS6KoaWV9=dtjTESZiU6KK__OZX0KpDk-=JEH8jCHFLUYv3Q@mail.gmail.com


Fixes: eb9e749c ("Bluetooth: btintel: Allow configuring drive strength of BRI")
Signed-off-by: default avatarKees Cook <kees@kernel.org>
Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
parent 3bb88524
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment