Date: Sun, 16 Jun 2024 22:44:46 +0200
From: Paul Menzel <pmenzel@...gen.mpg.de>
To: Edward Adam Davis <eadavis@...com>
Cc: davem@...emloft.net, edumazet@...gle.com, johan.hedberg@...il.com,
 kuba@...nel.org, linux-bluetooth@...r.kernel.org,
 linux-kernel@...r.kernel.org, luiz.dentz@...il.com,
 luiz.von.dentz@...el.com, marcel@...tmann.org, netdev@...r.kernel.org,
 pabeni@...hat.com, syzkaller-bugs@...glegroups.com,
 william.xuanziyang@...wei.com
Subject: Re: [PATCH] Bluetooth: handle value is too large should not be used
 in BIG

Dear Edward,


Thank you for your patch. It’d be nice if you made the commit message 
about the action, like:

Bluetooth: Ignore too large handle values in BIG

Am 16.06.24 um 15:21 schrieb Edward Adam Davis:
> hci_le_big_sync_established_evt is necessary to filter out cases where the
> handle value is belone to ida id range, otherwise ida will be erroneously

belone? Is it belonging?

> released in hci_conn_cleanup.
> 
> Fixes: 181a42edddf5 ("Bluetooth: Make handle of hci_conn be unique")
> Reported-by: syzbot+b2545b087a01a7319474@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=b2545b087a01a7319474
> Signed-off-by: Edward Adam Davis <eadavis@...com>
> ---
>   net/bluetooth/hci_event.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index a487f9df8145..eb1d5a2c48ee 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -6893,6 +6893,9 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
>   
>   		bis = hci_conn_hash_lookup_handle(hdev, handle);
>   		if (!bis) {
> +			if (handle > HCI_CONN_HANDLE_MAX)
> +				continue;
> +

Should some debug message be printed?

>   			bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY,
>   					   HCI_ROLE_SLAVE, handle);
>   			if (IS_ERR(bis))
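
Review bot: in the `if (!bis)` branch, the new `handle > HCI_CONN_HANDLE_MAX` test skips the BIS with a bare `continue`, so an out-of-range handle in the event leaves no trace, and the code itself gives no reason for the limit. Add a short comment saying why such a handle must not reach hci_conn_add() (the commit message ties it to the ida being released in hci_conn_cleanup), and log the rejected value, for example with bt_dev_dbg(hdev, ...), so a misbehaving controller can be diagnosed.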


Kind regards,

Paul
