Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932518AbbDIBJG (ORCPT <rfc822;w@1wt.eu>);
	Wed, 8 Apr 2015 21:09:06 -0400
Received: from szxga03-in.huawei.com ([119.145.14.66]:17027 "EHLO
	szxga03-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754716AbbDIBJD (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 8 Apr 2015 21:09:03 -0400
Message-ID: <5525D11B.3010601@huawei.com>
Date: Thu, 9 Apr 2015 09:08:43 +0800
From: Zefan Li <lizefan@huawei.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Tim Niemeyer <tim.niemeyer@corscience.de>
CC: <stable@vger.kernel.org>, Jaganath Kanakkassery <jaganath.k@samsung.com>,
        Chan-Yeol Park <chanyeol.park@samsung.com>,
        Gustavo Padovan <gustavo.padovan@collabora.co.uk>,
        Jianguo Wu <wujianguo@huawei.com>,
        "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
        Marcel Holtmann <marcel@holtmann.org>,
        Gustavo Padovan <gustavo@padovan.org>,
        Johan Hedberg <johan.hedberg@gmail.com>,
        "David S. Miller" <davem@davemloft.net>,
        <linux-bluetooth@vger.kernel.org>, <netdev@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>
Subject: Re: [3.4 PATCH] Bluetooth: Fix invalid length check in l2cap_information_rsp()
References: <1427707657-28545-1-git-send-email-tim.niemeyer@corscience.de>
In-Reply-To: <1427707657-28545-1-git-send-email-tim.niemeyer@corscience.de>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="GB2312"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.177.18.230]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
	refid=str=0001.0A020204.5525D125.00B1,ss=1,re=0.001,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0,
	ip=0.0.0.0,
	so=2013-05-26 15:14:31,
	dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 51444275b2f9cfabc57dffe1c8017a8d
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1664
Lines: 43

On 2015/3/30 17:27, Tim Niemeyer wrote:
> first backport commit 6ec88fcb4aa2c33fe2fe2a23c576a7e2581c5c3d changes
> l2cap_move_channel_confirm_rsp and not the l2cap_information_rsp. So
> revert this and fix at the correct position.
> 
> commit 3f6fa3d489e127ca5a5b298eabac3ff5dbe0e112 upstream.
> 
> The length check is invalid since the length varies with type of
> info response.
> 
> This was introduced by the commit cb3b3152b2f5939d67005cff841a1ca748b19888
> 
> Because of this, l2cap info rsp is not handled and command reject is sent.
> 
>> ACL data: handle 11 flags 0x02 dlen 16
>         L2CAP(s): Info rsp: type 2 result 0
>           Extended feature mask 0x00b8
>             Enhanced Retransmission mode
>             Streaming mode
>             FCS Option
>             Fixed Channels
> < ACL data: handle 11 flags 0x00 dlen 10
>         L2CAP(s): Command rej: reason 0
>           Command not understood
> 
> Cc: stable@vger.kernel.org
> Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
> Signed-off-by: Chan-Yeol Park <chanyeol.park@samsung.com>
> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
> Cc: Jianguo Wu <wujianguo@huawei.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Signed-off-by: Tim Niemeyer <tim.niemeyer@corscience.de>
> Acked-by: Johan Hedberg <johan.hedberg@intel.com>
> ---
> Patch for 3.4-stable.
> 

Queued up for 3.4. Thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/