Message-ID: <jyxfdjkcwsu6sqmqfuyelhlwsr4dbzxirfloalvklppvu6qmss@tdhoypgttcdc>
Date: Mon, 17 Feb 2025 08:40:45 +0800
From: "Chia-Lin Kao (AceLan)" <acelan.kao@...onical.com>
To: En-Wei Wu <en-wei.wu@...onical.com>
Cc: marcel@...tmann.org, luiz.dentz@...il.com, 
	linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org, pmenzel@...gen.mpg.de, 
	quic_tjiang@...cinc.com, kuan-ying.lee@...onical.com, anthony.wong@...onical.com
Subject: Re: [PATCH v3 0/2] Bluetooth: btusb: Fix QCA dump packet handling and improve SKB safety

On Thu, Dec 05, 2024 at 03:17:25PM +0800, En-Wei Wu wrote:
> This patch series fixes a NULL pointer dereference in the QCA firmware dump
> handling and improves the safety of SKB buffer handling. The problem occurs
> when processing firmware crash dumps from WCN7851/WCN6855 Bluetooth
> controllers, where incorrect return value handling leads to premature SKB
> freeing and subsequent NULL pointer dereference.
A gentle ping.
Please help to review this patch series.
Thanks.

> 
> The series is split into two parts:
> - Patch 1 fixes the NULL pointer dereference by correcting return value
>   handling and splits dump packet detection into separate ACL and event
>   functions
> - Patch 2 improves SKB safety by using proper buffer access methods and
>   adding state restoration on error paths
> 
> Changes in v3:
> - Use skb_pull_data() for safe packet header access
> - Split dump packet detection into separate ACL and event helpers
> 
> Changes in v2:
> - Fixed typo in the title
> - Re-flowed commit message line to fit 72 characters
> - Added blank line before btusb_recv_acl_qca()
> 
> En-Wei Wu (2):
>   Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
>   Bluetooth: btusb: Improve SKB safety in QCA dump packet handling
> 
>  drivers/bluetooth/btusb.c | 120 +++++++++++++++++++++++---------------
>  1 file changed, 74 insertions(+), 46 deletions(-)
> 
> -- 
> 2.43.0
> 

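The cover letter above describes the v3 approach of reading the dump packet header through skb_pull_data() instead of touching skb->data directly, and of restoring buffer state on error paths. The following is an added user-space illustration of that pattern, not code from the patch series or from the kernel. It models skb_pull_data() with the semantics the kernel helper has (return a pointer to the next n bytes and advance past them, or return NULL when fewer than n bytes remain); the skb_model struct, the dump_hdr layout and the sample packets are constructed for this example and are not the real QCA dump format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Length of the constructed header below: msg_type, seqno, payload_len. */
#define DUMP_HDR_LEN 4

/* Simplified user-space stand-in for the kernel's sk_buff (assumption:
 * only the data pointer and the valid length are modelled). */
struct skb_model {
    const uint8_t *data;
    size_t len;
};

/* Hypothetical dump-packet header for this example; the real QCA dump
 * header layout is not given on the page. */
struct dump_hdr {
    uint8_t msg_type;
    uint8_t seqno;
    uint16_t payload_len;   /* little-endian on the wire */
};

/* Model of skb_pull_data(): hand back a pointer to the next n bytes and
 * advance past them, or return NULL (leaving the buffer untouched) when
 * fewer than n bytes remain. Callers must check for NULL. */
static const uint8_t *model_pull_data(struct skb_model *skb, size_t n)
{
    const uint8_t *old;

    if (skb->len < n)
        return NULL;
    old = skb->data;
    skb->data += n;
    skb->len -= n;
    return old;
}

/* Hardened parse: every header access goes through the bounds-checked
 * pull, the declared payload length is validated against what is left,
 * and the buffer is restored on each error path so the caller sees it
 * unchanged. Returns 0 on success, -1 on a truncated packet. */
static int parse_dump_packet(struct skb_model *skb, struct dump_hdr *hdr,
                             const uint8_t **payload)
{
    struct skb_model saved = *skb;
    const uint8_t *raw = model_pull_data(skb, DUMP_HDR_LEN);

    if (!raw)
        return -1;      /* header truncated; nothing was pulled */

    hdr->msg_type = raw[0];
    hdr->seqno = raw[1];
    hdr->payload_len = (uint16_t)(raw[2] | (raw[3] << 8));

    *payload = model_pull_data(skb, hdr->payload_len);
    if (!*payload) {
        *skb = saved;   /* state restoration: undo the header pull */
        return -1;
    }
    return 0;
}

/* Constructed sample packets (not real controller output). */
static const uint8_t pkt_ok[] = { 0x01, 0x07, 0x03, 0x00, 0xAA, 0xBB, 0xCC };
static const uint8_t pkt_short_hdr[] = { 0x01, 0x07, 0x03 };
static const uint8_t pkt_short_payload[] = { 0x01, 0x07, 0x05, 0x00, 0xAA };

int main(void)
{
    const uint8_t *cases[] = { pkt_ok, pkt_short_hdr, pkt_short_payload };
    const size_t lens[] = { sizeof pkt_ok, sizeof pkt_short_hdr,
                            sizeof pkt_short_payload };
    size_t i;

    for (i = 0; i < 3; i++) {
        struct skb_model skb = { cases[i], lens[i] };
        struct dump_hdr hdr;
        const uint8_t *payload;
        int rc = parse_dump_packet(&skb, &hdr, &payload);

        if (rc == 0)
            printf("case %zu: ok, seqno=%u payload_len=%u remaining=%zu\n",
                   i, (unsigned)hdr.seqno, (unsigned)hdr.payload_len,
                   skb.len);
        else
            printf("case %zu: truncated, buffer restored to %zu bytes\n",
                   i, skb.len);
    }
    return 0;
}
```

The point of the shape is that a caller can never reach the field reads with fewer bytes than the header needs, and that a failed parse leaves the buffer exactly as it was, so whoever owns the skb afterwards (to pass it on or free it) is not working from a half-consumed buffer.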