Parent: e63175ecf66f682721f2ba0337f65330aa798744
Author: Matias Karhumaa <matias.karhumaa@gmail.com>
Committer: Johan Hedberg <johan.hedberg@intel.com>
Date: 2018-10-18 19:10:26
Tree: eb6dd481c17dd119d13cecf78f12313fe6fb5591
btmon: fix segfault caused by buffer overflow

Buffer overflow vulnerability in monitor/sdp.c SDP continuation handling caused btmon to crash. This happens in global static buffer which makes it non-trivial to exploit. This is nasty bug in a way that this can be triggered also over the air by sending malformed SDP Search Attribute request to device running btmon.

This crash was found by fuzzing btmon with AFL. Seems to be reproducible also with Synopsys Defensics SDP Server suite.
Diffstat
M monitor/sdp.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
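
The kind of length check the commit message calls for, as an added example and not the BlueZ patch itself (the diff is not shown on this page): a sniffer copies an SDP continuation state into fixed static storage only after validating the peer-supplied length octet. The names `cont_slot`, `store_continuation` and `CONT_MAX` are hypothetical; the 16-octet limit on continuation information is taken from the Bluetooth SDP specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: an SDP continuation state is one length octet followed by
 * at most 16 octets of opaque data, so 17 bytes in total. */
#define CONT_MAX 17

struct cont_slot {              /* hypothetical per-transaction record */
    uint8_t cont[CONT_MAX];     /* fixed-size storage, never grown */
    size_t len;                 /* bytes currently valid in cont[] */
};

static struct cont_slot slot;   /* global static buffer, as in the bug class described */

/* pdu points at the continuation state field, remaining is the number of
 * bytes left in the captured PDU. Returns 0 on success, -1 if the field
 * is malformed; on failure the slot is left untouched. */
int store_continuation(struct cont_slot *s, const uint8_t *pdu, size_t remaining)
{
    size_t info_len;

    if (remaining < 1)
        return -1;              /* length octet itself is missing */

    info_len = pdu[0];          /* attacker-controlled, 0..255 */
    if (info_len > CONT_MAX - 1)
        return -1;              /* would overrun cont[] */
    if (info_len + 1 > remaining)
        return -1;              /* claims more bytes than were captured */

    memcpy(s->cont, pdu, info_len + 1);
    s->len = info_len + 1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const uint8_t valid[] = { 0x02, 0xAA, 0xBB };
    uint8_t oversized[40];

    memset(oversized, 0x41, sizeof(oversized));
    oversized[0] = 0x27;        /* length octet claims 39 bytes */

    printf("valid: %d\n", store_continuation(&slot, valid, sizeof(valid)));
    printf("oversized: %d\n", store_continuation(&slot, oversized, sizeof(oversized)));
    return 0;
}
```

A packet monitor should report the rejected field as a decode error and keep parsing, since the input comes from any device in radio range.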