* [PATCH] Bluetooth: L2CAP: Add missing checks for invalid DCID
From: Sungwoo Kim @ 2023-06-03 12:28 UTC
Cc: daveti, Sungwoo Kim, Marcel Holtmann, Johan Hedberg,
Luiz Augusto von Dentz, linux-bluetooth, linux-kernel
When receiving a connect response we should make sure that the DCID is
within the valid range and that we don't already have another channel
allocated for the same DCID.
Missing checks may violate the specification (BLUETOOTH CORE SPECIFICATION
Version 5.4 | Vol 3, Part A, Page 1046).
Fixes: 40624183c202 ("L2CAP: Add missing checks for invalid LE DCID")
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
---
net/bluetooth/l2cap_core.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 376b523c7..104eb0320 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4306,6 +4306,10 @@ static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
result = __le16_to_cpu(rsp->result);
status = __le16_to_cpu(rsp->status);
+ if (result == L2CAP_CR_SUCCESS && (dcid < L2CAP_CID_DYN_START ||
+ dcid > L2CAP_CID_DYN_END))
+ return -EPROTO;
+
BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
dcid, scid, result, status);
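Review bot: The new range check returns -EPROTO before the BT_DBG() call that follows it, so a connect response rejected for an out-of-range DCID leaves no debug trace of the dcid, scid, result or status the peer sent. Consider moving the check below the BT_DBG() line, or logging the rejected dcid before returning, so a malformed response can be diagnosed from the logs. A short comment pointing at the spec section cited in the commit message would also explain why the range is only enforced when result is L2CAP_CR_SUCCESS.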
@@ -4337,6 +4341,11 @@ static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
switch (result) {
case L2CAP_CR_SUCCESS:
+ if (__l2cap_get_chan_by_dcid(conn, dcid)) {
+ err = -EBADSLT;
+ break;
+ }
+
l2cap_state_change(chan, BT_CONFIG);
chan->ident = 0;
chan->dcid = dcid;
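Review bot: In the L2CAP_CR_SUCCESS case, the duplicate-DCID branch reports -EBADSLT while the range check added earlier in the same function reports -EPROTO, and neither the code nor the commit message says why the two invalid-DCID conditions use different error codes; a one-line comment would help. The branch also breaks out with chan untouched, and the visible lines do not show what happens to it afterwards, so please confirm that the channel waiting on this response is torn down or timed out rather than left pending when a peer repeats a DCID already in use on this connection.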
--
2.34.1
* Re: [PATCH] Bluetooth: L2CAP: Add missing checks for invalid DCID
From: patchwork-bot+bluetooth @ 2023-06-05 19:40 UTC
To: Sungwoo Kim
Cc: daveti, marcel, johan.hedberg, luiz.dentz, linux-bluetooth,
linux-kernel
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Sat, 3 Jun 2023 08:28:09 -0400 you wrote:
> When receiving a connect response we should make sure that the DCID is
> within the valid range and that we don't already have another channel
> allocated for the same DCID.
> Missing checks may violate the specification (BLUETOOTH CORE SPECIFICATION
> Version 5.4 | Vol 3, Part A, Page 1046).
>
> Fixes: 40624183c202 ("L2CAP: Add missing checks for invalid LE DCID")
> Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
>
> [...]
Here is the summary with links:
- Bluetooth: L2CAP: Add missing checks for invalid DCID
https://git.kernel.org/bluetooth/bluetooth-next/c/f9367ce74db3
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html