From: Frédéric Danis
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH] Bluetooth: L2CAP: Send reject on command corrupted request
Date: Fri, 8 Dec 2023 18:41:50 +0100
Message-Id: <20231208174150.1313389-1-frederic.danis@collabora.com>

L2CAP/COS/CED/BI-02-C PTS test sends a malformed L2CAP signaling packet
with 2 commands in it (a connection request and an unknown command) and
expects to get a connection response packet and a command reject packet.
The second is currently not sent.

Signed-off-by: Frédéric Danis
---
 net/bluetooth/l2cap_core.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 17ca13e8c044..baeebee41cd9 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c
@@ -6492,6 +6492,14 @@ static inline void l2cap_le_sig_channel(struct l2cap_conn *conn, kfree_skb(skb); } +static inline void l2cap_sig_send_rej(struct l2cap_conn *conn, u16 ident) +{ + struct l2cap_cmd_rej_unk rej; + + rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD); + l2cap_send_cmd(conn, ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej); +} + static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) { @@ -6517,23 +6525,24 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn, if (len > skb->len || !cmd->ident) { BT_DBG("corrupted command"); + l2cap_sig_send_rej(conn, cmd->ident); break; } err = l2cap_bredr_sig_cmd(conn, cmd, len, skb->data); if (err) { - struct l2cap_cmd_rej_unk rej; - BT_ERR("Wrong link type (%d)", err); - - rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD); - l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, - sizeof(rej), &rej); + l2cap_sig_send_rej(conn, cmd->ident); } skb_pull(skb, len); } + if (skb->len > 0) { + BT_DBG("corrupted command"); + l2cap_sig_send_rej(conn, 0); + } + drop: kfree_skb(skb); } -- 2.34.1
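
Review bot: The new helper l2cap_sig_send_rej() in the first hunk always sends L2CAP_REJ_NOT_UNDERSTOOD, which its name does not say, and it has no comment on which ident values callers may pass, although the second hunk calls it once with cmd->ident and once with a literal 0. A one-line comment above the helper stating the fixed reason code and the meaning of ident 0 would make those call sites easier to check.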
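
Review bot: In the second hunk, the "len > skb->len || !cmd->ident" branch now calls l2cap_sig_send_rej(conn, cmd->ident) and then breaks out of the loop, after which control reaches the new "if (skb->len > 0)" check, so one corrupted command can produce two rejects whenever bytes are still left in the skb (for example on the !cmd->ident path, where nothing has been pulled for that command's payload). Consider making the two paths mutually exclusive, for instance by jumping to drop after the in-loop reject or by tracking that a reject was already sent. The !cmd->ident path also sends its reject with ident 0, the same value the trailing reject uses, and a short comment saying why that value is acceptable to the peer would help.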