| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 May 2021 17:19:41 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: luiz.von.dentz@...el.com
Cc: linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org
Subject: [bug report] Bluetooth: L2CAP: Add initial code for Enhanced Credit
Based Mode
Hello Luiz Augusto von Dentz,
The patch 15f02b910562: "Bluetooth: L2CAP: Add initial code for
Enhanced Credit Based Mode" from Mar 2, 2020, leads to the following
static checker warning:
net/bluetooth/l2cap_core.c:6265 l2cap_ecred_reconf_rsp()
warn: iterator 'chan->list.next' changed during iteration
net/bluetooth/l2cap_core.c
6247 static inline int l2cap_ecred_reconf_rsp(struct l2cap_conn *conn,
6248 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
6249 u8 *data)
6250 {
6251 struct l2cap_chan *chan;
6252 struct l2cap_ecred_conn_rsp *rsp = (void *) data;
6253 u16 result;
6254
6255 if (cmd_len < sizeof(*rsp))
6256 return -EPROTO;
6257
6258 result = __le16_to_cpu(rsp->result);
6259
6260 BT_DBG("result 0x%4.4x", rsp->result);
6261
6262 if (!result)
6263 return 0;
6264
6265 list_for_each_entry(chan, &conn->chan_l, list) {
6266 if (chan->ident != cmd->ident)
6267 continue;
6268
6269 l2cap_chan_del(chan, ECONNRESET);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This can call:
list_del(&chan->list);
which will lead to an oops in the next iteration.
6270 }
6271
6272 return 0;
6273 }
regards,
dan carpenter
Powered by blists - more mailing lists