2014-06-23 13:09:43

by Loic Poulain

Subject: [PATCH] Bluetooth: Ignore H5 non-link packets in non-active state

Fix missing return in the non-link packet detection.

Signed-off-by: Loic Poulain <[email protected]>
---
drivers/bluetooth/hci_h5.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
index e521730..5e3fc8d 100644
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -404,6 +404,7 @@ static int h5_rx_3wire_hdr(struct hci_uart *hu, unsigned char c)
H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) {
BT_ERR("Non-link packet received in non-active state");
h5_reset_rx(h5);
+ return 0;
}

h5->rx_func = h5_rx_payload;
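Review bot: the commit message should say why the return after `h5_reset_rx(h5);` matters, because "Fix missing return" alone hides the impact. Without the added `return 0;`, the error branch falls straight through to `h5->rx_func = h5_rx_payload;`, so the payload handler is armed immediately after the receive state was reset; as the follow-up in this thread notes, that handler then works on `h5->rx_skb`, which the reset has already released. Please describe that sequence and its effect in the commit message (it is also what a stable backport request needs), and confirm that 0 is the value the caller expects when a header is dropped on this path.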
--
1.8.3.2


2014-06-23 15:24:08

by Marcel Holtmann

Subject: Re: [PATCH] Bluetooth: Ignore H5 non-link packets in non-active state

Hi Loic,

no top-posting on this mailing list please.

> Sorry, but I omitted to precise that this patch fixes a NULL pointer dereference.
> Indeed, h5->rx_skb was freed in h5_reset_rx and dereferenced in the next
> h5_rx_payload call. So I think it should go to stable tree.

and if you think this should go to stable, then you have to have a proper commit message explaining what is happening and what the impact is. Feel free to send a new version.

Regards

Marcel


2014-06-23 14:47:07

by Loic Poulain

Subject: RE: [PATCH] Bluetooth: Ignore H5 non-link packets in non-active state

Sorry, but I omitted to precise that this patch fixes a NULL pointer dereference.
Indeed, h5->rx_skb was freed in h5_reset_rx and dereferenced in the next
h5_rx_payload call. So I think it should go to stable tree.

Regards,
Loic
________________________________________
From: [email protected] [[email protected]] on behalf of Marcel Holtmann [[email protected]]
Sent: Monday, June 23, 2014 3:35 PM
To: Poulain, Loic
Cc: Gustavo F. Padovan; Johan Hedberg; [email protected]
Subject: Re: [PATCH] Bluetooth: Ignore H5 non-link packets in non-active state

Hi Loic,

> Fix missing return in the non-link packet detection.
>
> Signed-off-by: Loic Poulain <[email protected]>
> ---
> drivers/bluetooth/hci_h5.c | 1 +
> 1 file changed, 1 insertion(+)

patch has been applied to bluetooth-next tree.

Regards

Marcel

2014-06-23 13:35:10

by Marcel Holtmann

Subject: Re: [PATCH] Bluetooth: Ignore H5 non-link packets in non-active state

Hi Loic,

> Fix missing return in the non-link packet detection.
>
> Signed-off-by: Loic Poulain <[email protected]>
> ---
> drivers/bluetooth/hci_h5.c | 1 +
> 1 file changed, 1 insertion(+)

patch has been applied to bluetooth-next tree.

Regards

Marcel