[Bluez PATCH v2] monitor: Fix possible crash of rfcomm packet

public inbox for linux-bluetooth@vger.kernel.org
 help / color / mirror / Atom feed

* [Bluez PATCH v2] monitor: Fix possible crash of rfcomm packet
@ 2021-05-12  2:36 Howard Chung
  2021-05-12  3:20 ` [Bluez,v2] " bluez.test.bot
  0 siblings, 1 reply; 3+ messages in thread
From: Howard Chung @ 2021-05-12  2:36 UTC (permalink / raw)
  To: linux-bluetooth, luiz.dentz
  Cc: chromeos-bluetooth-upstreaming, Yun-Hao Chung, apusaka

From: Yun-Hao Chung <howardchung@chromium.org>

When RFCOMM_TEST_EA returns false, btmon assumes packet data has at
least 5 bytes long. If that assumption fails, btmon could crash when
trying to read the next byte.
This patch fix it by checking the remaining size before reading the last
byte.

Reviewed-by: apusaka@chromium.org
---

Changes in v2:
- Rewrite the if statement

 monitor/rfcomm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/monitor/rfcomm.c b/monitor/rfcomm.c
index 9b88a3440e31..3eb19faf0297 100644
--- a/monitor/rfcomm.c
+++ b/monitor/rfcomm.c
@@ -452,6 +452,9 @@ void rfcomm_packet(const struct l2cap_frame *frame)
 		hdr.length = GET_LEN16(hdr.length);
 	}
 
+	if (!l2cap_frame->size)
+		goto fail;
+
 	l2cap_frame_pull(&tmp_frame, l2cap_frame, l2cap_frame->size-1);
 
 	if (!l2cap_frame_get_u8(&tmp_frame, &hdr.fcs))
-- 
2.31.1.607.g51e8a6a459-goog


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* RE: [Bluez,v2] monitor: Fix possible crash of rfcomm packet
  2021-05-12  2:36 [Bluez PATCH v2] monitor: Fix possible crash of rfcomm packet Howard Chung
@ 2021-05-12  3:20 ` bluez.test.bot
  2021-05-13 21:14   ` Luiz Augusto von Dentz
  0 siblings, 1 reply; 3+ messages in thread
From: bluez.test.bot @ 2021-05-12  3:20 UTC (permalink / raw)
  To: linux-bluetooth, howardchung

[-- Attachment #1: Type: text/plain, Size: 2296 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=480831

---Test result---

Test Summary:
CheckPatch                    PASS      0.33 seconds
GitLint                       PASS      0.13 seconds
Prep - Setup ELL              PASS      49.08 seconds
Build - Prep                  PASS      0.14 seconds
Build - Configure             PASS      8.39 seconds
Build - Make                  PASS      215.02 seconds
Make Check                    PASS      9.33 seconds
Make Dist                     PASS      12.62 seconds
Make Dist - Configure         PASS      5.15 seconds
Make Dist - Make              PASS      87.51 seconds
Build w/ext ELL - Configure   PASS      8.44 seconds
Build w/ext ELL - Make        PASS      201.74 seconds

Details
##############################
Test: CheckPatch - PASS
Desc: Run checkpatch.pl script with rule in .checkpatch.conf

##############################
Test: GitLint - PASS
Desc: Run gitlint with rule in .gitlint

##############################
Test: Prep - Setup ELL - PASS
Desc: Clone, build, and install ELL

##############################
Test: Build - Prep - PASS
Desc: Prepare environment for build

##############################
Test: Build - Configure - PASS
Desc: Configure the BlueZ source tree

##############################
Test: Build - Make - PASS
Desc: Build the BlueZ source tree

##############################
Test: Make Check - PASS
Desc: Run 'make check'

##############################
Test: Make Dist - PASS
Desc: Run 'make dist' and build the distribution tarball

##############################
Test: Make Dist - Configure - PASS
Desc: Configure the source from distribution tarball

##############################
Test: Make Dist - Make - PASS
Desc: Build the source from distribution tarball

##############################
Test: Build w/ext ELL - Configure - PASS
Desc: Configure BlueZ source with '--enable-external-ell' configuration

##############################
Test: Build w/ext ELL - Make - PASS
Desc: Build BlueZ source with '--enable-external-ell' configuration



---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [Bluez,v2] monitor: Fix possible crash of rfcomm packet
  2021-05-12  3:20 ` [Bluez,v2] " bluez.test.bot
@ 2021-05-13 21:14   ` Luiz Augusto von Dentz
  0 siblings, 0 replies; 3+ messages in thread
From: Luiz Augusto von Dentz @ 2021-05-13 21:14 UTC (permalink / raw)
  To: linux-bluetooth@vger.kernel.org; +Cc: Yun-hao Chung

Hi Yun,

On Tue, May 11, 2021 at 8:21 PM <bluez.test.bot@gmail.com> wrote:
>
> This is automated email and please do not reply to this email!
>
> Dear submitter,
>
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=480831
>
> ---Test result---
>
> Test Summary:
> CheckPatch                    PASS      0.33 seconds
> GitLint                       PASS      0.13 seconds
> Prep - Setup ELL              PASS      49.08 seconds
> Build - Prep                  PASS      0.14 seconds
> Build - Configure             PASS      8.39 seconds
> Build - Make                  PASS      215.02 seconds
> Make Check                    PASS      9.33 seconds
> Make Dist                     PASS      12.62 seconds
> Make Dist - Configure         PASS      5.15 seconds
> Make Dist - Make              PASS      87.51 seconds
> Build w/ext ELL - Configure   PASS      8.44 seconds
> Build w/ext ELL - Make        PASS      201.74 seconds
>
> Details
> ##############################
> Test: CheckPatch - PASS
> Desc: Run checkpatch.pl script with rule in .checkpatch.conf
>
> ##############################
> Test: GitLint - PASS
> Desc: Run gitlint with rule in .gitlint
>
> ##############################
> Test: Prep - Setup ELL - PASS
> Desc: Clone, build, and install ELL
>
> ##############################
> Test: Build - Prep - PASS
> Desc: Prepare environment for build
>
> ##############################
> Test: Build - Configure - PASS
> Desc: Configure the BlueZ source tree
>
> ##############################
> Test: Build - Make - PASS
> Desc: Build the BlueZ source tree
>
> ##############################
> Test: Make Check - PASS
> Desc: Run 'make check'
>
> ##############################
> Test: Make Dist - PASS
> Desc: Run 'make dist' and build the distribution tarball
>
> ##############################
> Test: Make Dist - Configure - PASS
> Desc: Configure the source from distribution tarball
>
> ##############################
> Test: Make Dist - Make - PASS
> Desc: Build the source from distribution tarball
>
> ##############################
> Test: Build w/ext ELL - Configure - PASS
> Desc: Configure BlueZ source with '--enable-external-ell' configuration
>
> ##############################
> Test: Build w/ext ELL - Make - PASS
> Desc: Build BlueZ source with '--enable-external-ell' configuration
>
>
>
> ---
> Regards,
> Linux Bluetooth

Applied, thanks.

-- 
Luiz Augusto von Dentz

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-05-13 21:14 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-05-12  2:36 [Bluez PATCH v2] monitor: Fix possible crash of rfcomm packet Howard Chung
2021-05-12  3:20 ` [Bluez,v2] " bluez.test.bot
2021-05-13 21:14   ` Luiz Augusto von Dentz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox