From: Greg KH <gregkh@linuxfoundation.org>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: linux-bluetooth@vger.kernel.org
Subject: Re: [PATCH] Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
Date: Fri, 18 Jan 2019 13:19:31 +0100 [thread overview]
Message-ID: <20190118121931.GA4793@kroah.com> (raw)
In-Reply-To: <20190118115620.7562-1-marcel@holtmann.org>
On Fri, Jan 18, 2019 at 12:56:20PM +0100, Marcel Holtmann wrote:
> When doing option parsing for standard type values of 1, 2 or 4 octets,
> the value is converted directly into a variable instead of a pointer. To
> avoid being tricked into being a pointer, check that for these option
> types that sizes actually match. In L2CAP every option is fixed size and
> thus it is prudent anyway to ensure that the remote side sends us the
> right option size along with option paramters.
>
> If the option size is not matching the option type, then that option is
> silently ignored. It is a protocol violation and instead of trying to
> give the remote attacker any further hints just pretend that option is
> not present and proceed with the default values. Implementation
> following the specification and its qualification procedures will always
> use the correct size and thus not being impacted here.
>
> To keep the code readable and consistent accross all options, a few
> cosmetic changes were also required.
Ah, that's a much nicer patch than mine, I like it. As long as the code
for handling things when an option is not set properly works ok (which
I'm guessing it is as that would have been found out long ago), this
makes everything much simpler.
> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
next prev parent reply other threads:[~2019-01-18 12:19 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-18 11:56 [PATCH] Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt Marcel Holtmann
2019-01-18 12:19 ` Greg KH [this message]
2019-01-18 13:10 ` Marcel Holtmann
2019-01-23 11:34 ` Johan Hedberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190118121931.GA4793@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.