lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 06 May 2024 17:00:28 +0000
From: patchwork-bot+bluetooth@...nel.org
To: Sungwoo Kim <iam@...g-woo.kim>
Cc: luiz.dentz@...il.com, daveti@...due.edu, benquike@...il.com,
 marcel@...tmann.org, johan.hedberg@...il.com, davem@...emloft.net,
 edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
 linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] Bluetooth: L2CAP: Fix div-by-zero in
 l2cap_le_flowctl_init()

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@...el.com>:

On Sat,  4 May 2024 15:23:29 -0400 you wrote:
> l2cap_le_flowctl_init() can cause both div-by-zero and an integer
> overflow since hdev->le_mtu may not fall in the valid range.
> 
> Move MTU from hci_dev to hci_conn to validate MTU and stop the connection
> process earlier if MTU is invalid.
> Also, add a missing validation in read_buffer_size() and make it return
> an error value if the validation fails.
> Now hci_conn_add() returns ERR_PTR() as it can fail due to the both a
> kzalloc failure and invalid MTU value.
> 
> [...]

Here is the summary with links:
  - [v4] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
    https://git.kernel.org/bluetooth/bluetooth-next/c/93e31170f4d0

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ