| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Mar 2020 08:23:39 +0100
From: Marcel Holtmann <marcel@...tmann.org>
To: Howard Chung <howardchung@...gle.com>
Cc: Bluez mailing list <linux-bluetooth@...r.kernel.org>,
chromeos-bluetooth-upstreaming@...omium.org,
"David S. Miller" <davem@...emloft.net>,
Johan Hedberg <johan.hedberg@...il.com>,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Jakub Kicinski <kuba@...nel.org>
Subject: Re: [Bluez PATCH v2] Bluetooth: L2CAP: handle l2cap config request
during open state
Hi Howard,
> According to Core Spec Version 5.2 | Vol 3, Part A 6.1.5,
> the incoming L2CAP_ConfigReq should be handled during
> OPEN state.
>
> The section below shows the btmon trace when running
> L2CAP/COS/CFD/BV-12-C before and after this change.
>
> === Before ===
> ...
>> ACL Data RX: Handle 256 flags 0x02 dlen 12 #22
> L2CAP: Connection Request (0x02) ident 2 len 4
> PSM: 1 (0x0001)
> Source CID: 65
> < ACL Data TX: Handle 256 flags 0x00 dlen 16 #23
> L2CAP: Connection Response (0x03) ident 2 len 8
> Destination CID: 64
> Source CID: 65
> Result: Connection successful (0x0000)
> Status: No further information available (0x0000)
> < ACL Data TX: Handle 256 flags 0x00 dlen 12 #24
> L2CAP: Configure Request (0x04) ident 2 len 4
> Destination CID: 65
> Flags: 0x0000
>> HCI Event: Number of Completed Packets (0x13) plen 5 #25
> Num handles: 1
> Handle: 256
> Count: 1
>> HCI Event: Number of Completed Packets (0x13) plen 5 #26
> Num handles: 1
> Handle: 256
> Count: 1
>> ACL Data RX: Handle 256 flags 0x02 dlen 16 #27
> L2CAP: Configure Request (0x04) ident 3 len 8
> Destination CID: 64
> Flags: 0x0000
> Option: Unknown (0x10) [hint]
> 01 00 ..
> < ACL Data TX: Handle 256 flags 0x00 dlen 18 #28
> L2CAP: Configure Response (0x05) ident 3 len 10
> Source CID: 65
> Flags: 0x0000
> Result: Success (0x0000)
> Option: Maximum Transmission Unit (0x01) [mandatory]
> MTU: 672
>> HCI Event: Number of Completed Packets (0x13) plen 5 #29
> Num handles: 1
> Handle: 256
> Count: 1
>> ACL Data RX: Handle 256 flags 0x02 dlen 14 #30
> L2CAP: Configure Response (0x05) ident 2 len 6
> Source CID: 64
> Flags: 0x0000
> Result: Success (0x0000)
>> ACL Data RX: Handle 256 flags 0x02 dlen 20 #31
> L2CAP: Configure Request (0x04) ident 3 len 12
> Destination CID: 64
> Flags: 0x0000
> Option: Unknown (0x10) [hint]
> 01 00 91 02 11 11 ......
> < ACL Data TX: Handle 256 flags 0x00 dlen 14 #32
> L2CAP: Command Reject (0x01) ident 3 len 6
> Reason: Invalid CID in request (0x0002)
> Destination CID: 64
> Source CID: 65
>> HCI Event: Number of Completed Packets (0x13) plen 5 #33
> Num handles: 1
> Handle: 256
> Count: 1
> ...
> === After ===
> ...
>> ACL Data RX: Handle 256 flags 0x02 dlen 12 #22
> L2CAP: Connection Request (0x02) ident 2 len 4
> PSM: 1 (0x0001)
> Source CID: 65
> < ACL Data TX: Handle 256 flags 0x00 dlen 16 #23
> L2CAP: Connection Response (0x03) ident 2 len 8
> Destination CID: 64
> Source CID: 65
> Result: Connection successful (0x0000)
> Status: No further information available (0x0000)
> < ACL Data TX: Handle 256 flags 0x00 dlen 12 #24
> L2CAP: Configure Request (0x04) ident 2 len 4
> Destination CID: 65
> Flags: 0x0000
>> HCI Event: Number of Completed Packets (0x13) plen 5 #25
> Num handles: 1
> Handle: 256
> Count: 1
>> HCI Event: Number of Completed Packets (0x13) plen 5 #26
> Num handles: 1
> Handle: 256
> Count: 1
>> ACL Data RX: Handle 256 flags 0x02 dlen 16 #27
> L2CAP: Configure Request (0x04) ident 3 len 8
> Destination CID: 64
> Flags: 0x0000
> Option: Unknown (0x10) [hint]
> 01 00 ..
> < ACL Data TX: Handle 256 flags 0x00 dlen 18 #28
> L2CAP: Configure Response (0x05) ident 3 len 10
> Source CID: 65
> Flags: 0x0000
> Result: Success (0x0000)
> Option: Maximum Transmission Unit (0x01) [mandatory]
> MTU: 672
>> HCI Event: Number of Completed Packets (0x13) plen 5 #29
> Num handles: 1
> Handle: 256
> Count: 1
>> ACL Data RX: Handle 256 flags 0x02 dlen 14 #30
> L2CAP: Configure Response (0x05) ident 2 len 6
> Source CID: 64
> Flags: 0x0000
> Result: Success (0x0000)
>> ACL Data RX: Handle 256 flags 0x02 dlen 20 #31
> L2CAP: Configure Request (0x04) ident 3 len 12
> Destination CID: 64
> Flags: 0x0000
> Option: Unknown (0x10) [hint]
> 01 00 91 02 11 11 .....
> < ACL Data TX: Handle 256 flags 0x00 dlen 18 #32
> L2CAP: Configure Response (0x05) ident 3 len 10
> Source CID: 65
> Flags: 0x0000
> Result: Success (0x0000)
> Option: Maximum Transmission Unit (0x01) [mandatory]
> MTU: 672
> < ACL Data TX: Handle 256 flags 0x00 dlen 12 #33
> L2CAP: Configure Request (0x04) ident 3 len 4
> Destination CID: 65
> Flags: 0x0000
>> HCI Event: Number of Completed Packets (0x13) plen 5 #34
> Num handles: 1
> Handle: 256
> Count: 1
>> HCI Event: Number of Completed Packets (0x13) plen 5 #35
> Num handles: 1
> Handle: 256
> Count: 1
> ...
>
> Signed-off-by: Howard Chung <howardchung@...gle.com>
>
> ---
>
> Changes in v2:
> - Updated commit messages
>
> net/bluetooth/l2cap_core.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
patch has been applied to bluetooth-next tree.
Regards
Marcel
Powered by blists - more mailing lists