Message-Id: <20221115050257.3818178-1-git@sung-woo.kim>
Date:   Tue, 15 Nov 2022 00:02:57 -0500
From:   Sungwoo Kim <happiness.sung.woo@...il.com>
To:     luiz.dentz@...il.com
Cc:     davem@...emloft.net, edumazet@...gle.com, iam@...g-woo.kim,
        johan.hedberg@...il.com, kuba@...nel.org,
        linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
        marcel@...tmann.org, netdev@...r.kernel.org, pabeni@...hat.com
Subject: Re: L2CAP: Spec violation

Sure,

btmon trace:
(...)

> ACL Data RX: Handle 200 flags 0x00 dlen 1033                                                                                                                                                                          #32 [hci0] 17.083174
        invalid packet size (12 != 1033)
        08 00 01 00 02 01 04 00 01 10 ff ff              ............
@ MGMT Event: Device Connected (0x000b) plen 13                                                                                                                                                                    {0x0002} [hci0] 17.104462
        BR/EDR Address: 10:AA:AA:AA:AA:AA (OUI 10-AA-AA)
        Flags: 0x00000000
        Data length: 0
@ MGMT Event: Device Connected (0x000b) plen 13                                                                                                                                                                    {0x0001} [hci0] 17.104462
        BR/EDR Address: 10:AA:AA:AA:AA:AA (OUI 10-AA-AA)
        Flags: 0x00000000
        Data length: 0
< ACL Data TX: Handle 200 flags 0x02 dlen 16                                                                                                                                                                            #33 [hci0] 17.149691
      L2CAP: Connection Response (0x03) ident 1 len 8
        Destination CID: 64
        Source CID: 65535
        Result: Connection pending (0x0001)
        Status: No further information available (0x0000)
< ACL Data TX: Handle 200 flags 0x02 dlen 10                                                                                                                                                                            #34 [hci0] 17.154828
      L2CAP: Information Request (0x0a) ident 2 len 2
        Type: Extended features supported (0x0002)
> ACL Data RX: Handle 200 flags 0x00 dlen 2061                                                                                                                                                                          #35 [hci0] 17.145762
        invalid packet size (16 != 2061)
        0c 00 01 00 04 01 08 00 40 00 00 00 01 02 00 00  ........@.......
> ACL Data RX: Handle 200 flags 0x00 dlen 2061                                                                                                                                                                          #36 [hci0] 17.146654
        invalid packet size (16 != 2061)
        0c 00 01 00 03 01 08 00 00 00 00 00 00 00 00 00  ................
> ACL Data RX: Handle 200 flags 0x00 dlen 2061                                                                                                                                                                          #37 [hci0] 17.147190
        invalid packet size (16 != 2061)
        0c 00 01 00 04 01 08 00 40 00 00 00 05 00 00 00  ........@.......
> ACL Data RX: Handle 200 flags 0x00 dlen 1804                                                                                                                                                                          #38 [hci0] 17.148090
        invalid packet size (15 != 1804)
        0b 00 01 00 04 01 07 00 40 00 00 00 05 00 00     ........@......
> ACL Data RX: Handle 200 flags 0x00 dlen 1547                                                                                                                                                                          #39 [hci0] 17.148708
        invalid packet size (14 != 1547)

(...)

The last ACL data packet invokes:
l2cap_bredr_sig_cmd
l2cap_config_rsp
l2cap_send_disconn_req
l2cap_state_change_and_error
Bluetooth: chan 00000000205763be BT_CONFIG -> BT_DISCONN

This is the code and whole log:
https://gist.github.com/swkim101/82bc694f9427f008c14e91307b3355b6

Thanks.
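
Added example (not part of the original message, and not the poster's code): a Python decoder for the payload bytes shown in the RX frames of the btmon trace above, splitting each into the L2CAP basic header and one signaling command. Frame numbers, dlen values and hex bytes are copied from the trace; the field layouts are the standard L2CAP signaling formats, and the names decode, decode_all and TRACE are hypothetical.

```python
import struct

SIGNALING_CID = 0x0001  # BR/EDR L2CAP signaling channel
CODES = {0x02: "Connection Request", 0x03: "Connection Response",
         0x04: "Configure Request", 0x05: "Configure Response",
         0x06: "Disconnection Request", 0x0A: "Information Request"}

# (frame number, HCI dlen reported by btmon, payload bytes), copied from the
# RX frames in the trace above. Frame #39 is left out: its bytes are not shown.
TRACE = [
    (32, 1033, "08 00 01 00 02 01 04 00 01 10 ff ff"),
    (35, 2061, "0c 00 01 00 04 01 08 00 40 00 00 00 01 02 00 00"),
    (36, 2061, "0c 00 01 00 03 01 08 00 00 00 00 00 00 00 00 00"),
    (37, 2061, "0c 00 01 00 04 01 08 00 40 00 00 00 05 00 00 00"),
    (38, 1804, "0b 00 01 00 04 01 07 00 40 00 00 00 05 00 00"),
]

def decode(frame, hci_dlen, hexdump):
    """Decode one ACL payload: L2CAP basic header, then one signaling command."""
    data = bytes.fromhex(hexdump)
    if len(data) < 4:
        return {"frame": frame, "error": "short L2CAP header"}
    l2_len, cid = struct.unpack_from("<HH", data, 0)
    out = {"frame": frame, "cid": cid,
           "hci_dlen_ok": hci_dlen == len(data),     # the mismatch btmon reports
           "l2cap_len_ok": l2_len == len(data) - 4}  # L2CAP length vs bytes present
    if cid != SIGNALING_CID or len(data) < 8:
        return out
    code, ident, cmd_len = struct.unpack_from("<BBH", data, 4)
    body = data[8:8 + cmd_len]
    out.update(name=CODES.get(code, hex(code)), ident=ident,
               cmd_len_ok=len(body) == cmd_len)
    if code == 0x02 and len(body) >= 4:      # Connection Request: PSM, SCID
        out["psm"], out["scid"] = struct.unpack_from("<HH", body)
    elif code == 0x03 and len(body) >= 8:    # Connection Response
        (out["dcid"], out["scid"],
         out["result"], out["status"]) = struct.unpack_from("<HHHH", body)
    elif code == 0x04 and len(body) >= 4:    # Configure Request: DCID, flags, options
        out["dcid"], out["flags"] = struct.unpack_from("<HH", body)
        out["options"] = body[4:].hex()
    return out

def decode_all():
    return [decode(*row) for row in TRACE]

if __name__ == "__main__":
    for row in decode_all():
        print(row)
```

For every frame shown, the L2CAP length and command length fields match the bytes present; only the HCI dlen value disagrees, which is what btmon prints as the invalid packet size.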
