| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c3e1a8ca-2ded-f992-a1c3-d144397a7b2a@gmail.com>
Date: Thu, 19 Aug 2021 18:09:58 +0300
From: Pavel Skripkin <paskripkin@...il.com>
To: Marcel Holtmann <marcel@...tmann.org>
Cc: Johan Hedberg <johan.hedberg@...il.com>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>,
"David S. Miller" <davem@...emloft.net>,
linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
syzbot+be2baed593ea56c6a84c@...kaller.appspotmail.com
Subject: Re: [PATCH] Bluetooth: add timeout sanity check to hci_inquiry
On 8/19/21 6:05 PM, Marcel Holtmann wrote:
> Hi Pavel,
>
>> }
>>
>
> /* Restrict maximum inquiry length to 60 seconds */
> if (ir.length > 60) {
> ..
> }
>
>> + if (ir.length > HCI_INQUIRY_MAX_TIMEOUT) {
>> + err = -EINVAL;
>> + goto done;
>> + }
>> +
>
> I found this easier to read than adding anything define somewhere else. And since this is a legacy interface that is no longer used by bluetoothd, this should be fine. We will start to deprecate this eventually.
>
> And I prefer 1 minute max time here. Just to be safe.
>
I thought, that user-space should be aware of maximum value, that's why
I decided to add this define :) I didn't know, that this interface is
legacy.
Will fix in v2, thank you!
With regards,
Pavel Skripkin
Powered by blists - more mailing lists