Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow

An earlier commit replaced using batostr to using %pMR sprintf for the construction of session->name. Static analysis detected that this new method can use a total of 21 characters (including the trailing '\0') so we need to increase the BTNAMSIZ from 18 to 21 to fix potential buffer overflows. Addresses-Coverity: ("Out-of-bounds write") Fixes: fcb73338 ("Bluetooth: Use %pMR in sprintf/seq_printf instead of batostr") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
An earlier commit replaced using batostr to using %pMR sprintf for the construction of session->name. Static analysis detected that this new method can use a total of 21 characters (including the trailing '\0') so we need to increase the BTNAMSIZ from 18 to 21 to fix potential buffer overflows. Addresses-Coverity: ("Out-of-bounds write") Fixes: fcb73338 ("Bluetooth: Use %pMR in sprintf/seq_printf instead of batostr") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
713baf3d · Colin Ian King · Marcel Holtmann · 6eefec4a · 713baf3d
Commit 713baf3d authored Aug 04, 2021 by Colin Ian King Committed by Marcel Holtmann Aug 05, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

net/bluetooth/cmtp/cmtp.h net/bluetooth/cmtp/cmtp.h +1 -1

No files found.
--- a/net/bluetooth/cmtp/cmtp.h
+++ b/net/bluetooth/cmtp/cmtp.h
@@ -26,7 +26,7 @@
 #include <linux/types.h>
 #include <net/bluetooth/bluetooth.h>

-#define BTNAMSIZ 18
+#define BTNAMSIZ 21

 /* CMTP ioctl defines */
 #define CMTPCONNADD	_IOW('C', 200, int)