Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
[ Upstream commit 713baf3d ] An earlier commit replaced using batostr to using %pMR sprintf for the construction of session->name. Static analysis detected that this new method can use a total of 21 characters (including the trailing '\0') so we need to increase the BTNAMSIZ from 18 to 21 to fix potential buffer overflows. Addresses-Coverity: ("Out-of-bounds write") Fixes: fcb73338 ("Bluetooth: Use %pMR in sprintf/seq_printf instead of batostr") Signed-off-by:Colin Ian King <colin.king@canonical.com> Signed-off-by:
Marcel Holtmann <marcel@holtmann.org> Signed-off-by:
Sasha Levin <sashal@kernel.org>
Loading
Please sign in to comment