* [PATCH BlueZ v1] shared/ad: Fix not checking length on ad_replace_name
@ 2026-03-16 20:43 Luiz Augusto von Dentz
2026-03-16 21:49 ` [BlueZ,v1] " bluez.test.bot
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Luiz Augusto von Dentz @ 2026-03-16 20:43 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
iov may carry move then HCI_MAX_NAME_LENGTH in which case it is
truncated so it doesn't overflow utf8_name.
---
src/shared/ad.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/shared/ad.c b/src/shared/ad.c
index ac238014bcea..b1d1b84611aa 100644
--- a/src/shared/ad.c
+++ b/src/shared/ad.c
@@ -278,7 +278,8 @@ static bool ad_replace_name(struct bt_ad *ad, struct iovec *iov)
char utf8_name[HCI_MAX_NAME_LENGTH + 2];
memset(utf8_name, 0, sizeof(utf8_name));
- strncpy(utf8_name, (const char *)iov->iov_base, iov->iov_len);
+ strncpy(utf8_name, (const char *)iov->iov_base,
+ MIN(iov->iov_len, HCI_MAX_NAME_LENGTH));
if (strisutf8(utf8_name, iov->iov_len))
goto done;
--
2.53.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* RE: [BlueZ,v1] shared/ad: Fix not checking length on ad_replace_name
2026-03-16 20:43 [PATCH BlueZ v1] shared/ad: Fix not checking length on ad_replace_name Luiz Augusto von Dentz
@ 2026-03-16 21:49 ` bluez.test.bot
2026-03-17 16:00 ` [PATCH BlueZ v1] " patchwork-bot+bluetooth
2026-03-17 16:07 ` Bastien Nocera
2 siblings, 0 replies; 6+ messages in thread
From: bluez.test.bot @ 2026-03-16 21:49 UTC (permalink / raw)
To: linux-bluetooth, luiz.dentz
[-- Attachment #1: Type: text/plain, Size: 1311 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1067554
---Test result---
Test Summary:
CheckPatch PENDING 0.31 seconds
GitLint PENDING 0.40 seconds
BuildEll PASS 21.13 seconds
BluezMake PASS 649.12 seconds
MakeCheck PASS 19.28 seconds
MakeDistcheck PASS 246.81 seconds
CheckValgrind PASS 292.70 seconds
CheckSmatch PASS 355.11 seconds
bluezmakeextell PASS 182.65 seconds
IncrementalBuild PENDING 0.38 seconds
ScanBuild PASS 1018.38 seconds
Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:
##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:
https://github.com/bluez/bluez/pull/1966/checks
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH BlueZ v1] shared/ad: Fix not checking length on ad_replace_name
2026-03-16 20:43 [PATCH BlueZ v1] shared/ad: Fix not checking length on ad_replace_name Luiz Augusto von Dentz
2026-03-16 21:49 ` [BlueZ,v1] " bluez.test.bot
@ 2026-03-17 16:00 ` patchwork-bot+bluetooth
2026-03-17 16:07 ` Bastien Nocera
2 siblings, 0 replies; 6+ messages in thread
From: patchwork-bot+bluetooth @ 2026-03-17 16:00 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
Hello:
This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Mon, 16 Mar 2026 16:43:20 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> iov may carry move then HCI_MAX_NAME_LENGTH in which case it is
> truncated so it doesn't overflow utf8_name.
> ---
> src/shared/ad.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
Here is the summary with links:
- [BlueZ,v1] shared/ad: Fix not checking length on ad_replace_name
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=11d05ece674f
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH BlueZ v1] shared/ad: Fix not checking length on ad_replace_name
2026-03-16 20:43 [PATCH BlueZ v1] shared/ad: Fix not checking length on ad_replace_name Luiz Augusto von Dentz
2026-03-16 21:49 ` [BlueZ,v1] " bluez.test.bot
2026-03-17 16:00 ` [PATCH BlueZ v1] " patchwork-bot+bluetooth
@ 2026-03-17 16:07 ` Bastien Nocera
2026-03-17 16:43 ` Luiz Augusto von Dentz
2 siblings, 1 reply; 6+ messages in thread
From: Bastien Nocera @ 2026-03-17 16:07 UTC (permalink / raw)
To: Luiz Augusto von Dentz, linux-bluetooth
On Mon, 2026-03-16 at 16:43 -0400, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> iov may carry move then HCI_MAX_NAME_LENGTH in which case it is
> truncated so it doesn't overflow utf8_name.
> ---
> src/shared/ad.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/shared/ad.c b/src/shared/ad.c
> index ac238014bcea..b1d1b84611aa 100644
> --- a/src/shared/ad.c
> +++ b/src/shared/ad.c
> @@ -278,7 +278,8 @@ static bool ad_replace_name(struct bt_ad *ad,
> struct iovec *iov)
> char utf8_name[HCI_MAX_NAME_LENGTH + 2];
>
> memset(utf8_name, 0, sizeof(utf8_name));
> - strncpy(utf8_name, (const char *)iov->iov_base, iov-
> >iov_len);
> + strncpy(utf8_name, (const char *)iov->iov_base,
> + MIN(iov->iov_len, HCI_MAX_NAME_LENGTH));
As I mentioned in my review, utf8_name could also have been shrunk by
one byte.
>
> if (strisutf8(utf8_name, iov->iov_len))
> goto done;
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH BlueZ v1] shared/ad: Fix not checking length on ad_replace_name
2026-03-17 16:07 ` Bastien Nocera
@ 2026-03-17 16:43 ` Luiz Augusto von Dentz
2026-03-17 17:05 ` Bastien Nocera
0 siblings, 1 reply; 6+ messages in thread
From: Luiz Augusto von Dentz @ 2026-03-17 16:43 UTC (permalink / raw)
To: Bastien Nocera; +Cc: linux-bluetooth
Hi Bastien,
On Tue, Mar 17, 2026 at 12:07 PM Bastien Nocera <hadess@hadess.net> wrote:
>
> On Mon, 2026-03-16 at 16:43 -0400, Luiz Augusto von Dentz wrote:
> > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> >
> > iov may carry move then HCI_MAX_NAME_LENGTH in which case it is
> > truncated so it doesn't overflow utf8_name.
> > ---
> > src/shared/ad.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/shared/ad.c b/src/shared/ad.c
> > index ac238014bcea..b1d1b84611aa 100644
> > --- a/src/shared/ad.c
> > +++ b/src/shared/ad.c
> > @@ -278,7 +278,8 @@ static bool ad_replace_name(struct bt_ad *ad,
> > struct iovec *iov)
> > char utf8_name[HCI_MAX_NAME_LENGTH + 2];
> >
> > memset(utf8_name, 0, sizeof(utf8_name));
> > - strncpy(utf8_name, (const char *)iov->iov_base, iov-
> > >iov_len);
> > + strncpy(utf8_name, (const char *)iov->iov_base,
> > + MIN(iov->iov_len, HCI_MAX_NAME_LENGTH));
>
> As I mentioned in my review, utf8_name could also have been shrunk by
> one byte.
What review?
> >
> > if (strisutf8(utf8_name, iov->iov_len))
> > goto done;
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH BlueZ v1] shared/ad: Fix not checking length on ad_replace_name
2026-03-17 16:43 ` Luiz Augusto von Dentz
@ 2026-03-17 17:05 ` Bastien Nocera
0 siblings, 0 replies; 6+ messages in thread
From: Bastien Nocera @ 2026-03-17 17:05 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
On Tue, 2026-03-17 at 12:43 -0400, Luiz Augusto von Dentz wrote:
> Hi Bastien,
>
> On Tue, Mar 17, 2026 at 12:07 PM Bastien Nocera <hadess@hadess.net>
> wrote:
> >
> > On Mon, 2026-03-16 at 16:43 -0400, Luiz Augusto von Dentz wrote:
> > > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> > >
> > > iov may carry move then HCI_MAX_NAME_LENGTH in which case it is
> > > truncated so it doesn't overflow utf8_name.
> > > ---
> > > src/shared/ad.c | 3 ++-
> > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/src/shared/ad.c b/src/shared/ad.c
> > > index ac238014bcea..b1d1b84611aa 100644
> > > --- a/src/shared/ad.c
> > > +++ b/src/shared/ad.c
> > > @@ -278,7 +278,8 @@ static bool ad_replace_name(struct bt_ad *ad,
> > > struct iovec *iov)
> > > char utf8_name[HCI_MAX_NAME_LENGTH + 2];
> > >
> > > memset(utf8_name, 0, sizeof(utf8_name));
> > > - strncpy(utf8_name, (const char *)iov->iov_base, iov-
> > > > iov_len);
> > > + strncpy(utf8_name, (const char *)iov->iov_base,
> > > + MIN(iov->iov_len, HCI_MAX_NAME_LENGTH));
> >
> > As I mentioned in my review, utf8_name could also have been shrunk
> > by
> > one byte.
>
> What review?
https://lore.kernel.org/linux-bluetooth/d054c110dc64a6278e052259bc315d442828228c.camel@hadess.net/
>
> > >
> > > if (strisutf8(utf8_name, iov->iov_len))
> > > goto done;
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-03-17 17:06 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-16 20:43 [PATCH BlueZ v1] shared/ad: Fix not checking length on ad_replace_name Luiz Augusto von Dentz
2026-03-16 21:49 ` [BlueZ,v1] " bluez.test.bot
2026-03-17 16:00 ` [PATCH BlueZ v1] " patchwork-bot+bluetooth
2026-03-17 16:07 ` Bastien Nocera
2026-03-17 16:43 ` Luiz Augusto von Dentz
2026-03-17 17:05 ` Bastien Nocera
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox