Hi Dan,
> This change is similar to commit a1616a5ac99e ("Bluetooth: hidp: fix
> buffer overflow") but for the compat ioctl. We take a string from the
> user and forgot to ensure that it's NUL terminated.
>
> I have also changed the strncpy() in to strscpy() in hidp_setup_hid().
> The difference is the strncpy() doesn't necessarily NUL terminate the
> destination string. Either change would fix the problem but it's nice
> to take a belt and suspenders approach and do both.
>
> Signed-off-by: Dan Carpenter <[email protected]>
> ---
> net/bluetooth/hidp/core.c | 2 +-
> net/bluetooth/hidp/sock.c | 1 +
> 2 files changed, 2 insertions(+), 1 deletion(-)
patch has been applied to bluetooth-next tree.
Regards
Marcel
