github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 14:04:54 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
a79327bb01
linux/net/bluetooth
History
Pavel Skripkin ffc9019bd9 Bluetooth: stop proccessing malicious adv data 
[ Upstream commit 3a56ef719f ]

Syzbot reported slab-out-of-bounds read in hci_le_adv_report_evt(). The
problem was in missing validaion check.

We should check if data is not malicious and we can read next data block.
If we won't check ptr validness, code can read a way beyond skb->end and
it can cause problems, of course.

Fixes: e95beb4141 ("Bluetooth: hci_le_adv_report_evt code refactoring")
Reported-and-tested-by: syzbot+e3fcb9c4f3c2a931dc40@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-01-27 10:53:48 +01:00
..
bnep net: make ->{get,set}sockopt in proto_ops optional 2020-07-19 18:16:41 -07:00
cmtp Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails 2022-01-27 10:53:45 +01:00
hidp Bluetooth: hidp: use correct wait queue when removing ctrl_wait 2021-08-26 08:35:40 -04:00
rfcomm Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2020-07-31 15:11:52 -07:00
6lowpan.c Bluetooth: add a mutex lock to avoid UAF in do_enale_set 2020-06-23 14:30:07 +02:00
a2mp.c Bluetooth: drop HCI device reference before return 2021-03-04 11:37:25 +01:00
a2mp.h
af_bluetooth.c Bluetooth: Add support for BT_PKT_STATUS CMSG data for SCO connections 2020-06-12 15:08:49 +02:00
amp.c Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data 2021-03-07 12:34:10 +01:00
amp.h
ecdh_helper.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
ecdh_helper.h Fix misc new gcc warnings 2021-05-11 14:47:36 +02:00
hci_conn.c Bluetooth: avoid deadlock between hci_dev->lock and socket lock 2021-05-14 09:50:29 +02:00
hci_core.c Revert "Bluetooth: Move shutdown callback before flushing tx and rx queue" 2021-09-16 12:51:23 +02:00
hci_debugfs.c Bluetooth: debugfs option to unset MITM flag 2020-04-07 18:32:21 +02:00
hci_debugfs.h
hci_event.c Bluetooth: stop proccessing malicious adv data 2022-01-27 10:53:48 +01:00
hci_request.c Bluetooth: Fix Set Extended (Scan Response) Data 2021-07-14 16:56:30 +02:00
hci_request.h Bluetooth: Enable/Disable address resolution during le create conn 2020-07-30 09:34:43 +02:00
hci_sock.c Bluetooth: defer cleanup of resources in hci_unregister_dev() 2021-08-12 13:22:08 +02:00
hci_sysfs.c Bluetooth: defer cleanup of resources in hci_unregister_dev() 2021-08-12 13:22:08 +02:00
Kconfig Bluetooth: Disable High Speed by default 2020-09-25 20:21:55 +02:00
l2cap_core.c Bluetooth: L2CAP: Fix invalid access on ECRED Connection response 2021-07-19 09:44:54 +02:00
l2cap_sock.c Bluetooth: L2CAP: Fix not initializing sk_peer_pid 2022-01-27 10:53:44 +01:00
leds.c
leds.h
lib.c Bluetooth: Introduce debug feature when dynamic debug is disabled 2020-05-11 12:16:27 +02:00
Makefile Bluetooth: implement read/set default system parameters mgmt 2020-06-12 21:41:07 +02:00
mgmt_config.c Bluetooth: Adding a configurable autoconnect timeout 2020-07-07 17:37:03 +02:00
mgmt_config.h Bluetooth: mgmt: Add commands for runtime configuration 2020-06-18 13:11:03 +03:00
mgmt_util.c
mgmt_util.h
mgmt.c Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd 2021-09-15 09:50:35 +02:00
msft.c Bluetooth: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
msft.h Bluetooth: Add handler of MGMT_OP_READ_ADV_MONITOR_FEATURES 2020-06-18 13:11:21 +03:00
sco.c Bluetooth: fix init and cleanup of sco_conn.timeout_work 2021-11-18 14:04:01 +01:00
selftest.c Bluetooth: Remove CRYPTO_ALG_INTERNAL flag 2020-07-31 16:42:04 +03:00
selftest.h
smp.c Bluetooth: SMP: Fail if remote and local public keys are identical 2021-05-26 12:06:57 +02:00
smp.h