Received: by 2002:a05:7412:98c1:b0:fa:551:50a7 with SMTP id kc1csp1787065rdb; Mon, 8 Jan 2024 10:07:55 -0800 (PST) X-Google-Smtp-Source: AGHT+IEmEJh0ZRyo5I6DiW9PLVmvdGru9lMKZIcMo3vUF6BldPHBEO12SlyLM/p6gvakJh37BCF+ X-Received: by 2002:a4a:8c42:0:b0:590:9d46:2e64 with SMTP id v2-20020a4a8c42000000b005909d462e64mr2561329ooj.16.1704737275055; Mon, 08 Jan 2024 10:07:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704737275; cv=none; d=google.com; s=arc-20160816; b=If4CXplX0wC7b3sn/d8ThU03xg/yw5/UaGUq9UWwS5xCNmTK1a+uJceWSVXcySwsGR 0Y32RgvhFjAh/1KSd8A1rn69OqdpntjFHm6KgIqm0FvSjQbXju/eh3ekov0m1wYkLVbu QTvSMgBDJ+xDLKvOFO+NcQ3WM6fSK+8ePZFX4VgH9N2IFju2O0RbrdBC5qe9xPOKqb89 Jv23C/fKx7p1yJmJ/5YDIaKfgx8AEVoVPEqNXb+Mgzjn4vouFGIBSOAeru145Dn0ELe/ qynoiGNBFFQYr/KGxiqpdb9eVUZTFRRvv1U4jlktGPAE4Pa2EFIe2ZCzTPHRjYjvZ9be ouiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:in-reply-to:references:date:message-id:from:subject :content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:dkim-signature; bh=IoFPzI/SYCkC1KsvPIxLjrXWld0Hd0r8FJ6IFA20w1Y=; fh=SxEAuPQ8ejLaRp/4EKwLHWnPRGJOiaFPh40KOEQcGZM=; b=xwGtpRYuAAGtI8tuo0sQOtK22L0cWXSo2epv+KQV3g/9QGOtChBSnZVZe+xVW1NJu5 456YurgdF5Yb5efcXuaCy1q6ZyU5l2lHeRUTGVj3Hdzm4hhtKus/9F1SIECFfYlwPwQU bqEzq2JIEcxlIGEfg68qKY1Nw6DJ/+VVO2CA/sh8bl5bvvnQsn60dMdpXAoIDBrHDI8b 7AcwryQ9PdM2SwR1+c9nhHqD2klib0+WIq0n4drbJx/eteBwoYypA6aZECAZXvDbMew+ fFcdGRM0gPClpf0Hi9gTX2QTgLxSIxH49QuY057GE3cocNCSlxkOFw7Xl7qAj3CiSPQX BZ2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KPLEgK7a; spf=pass (google.com: domain of linux-bluetooth+bounces-955-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-955-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id jl19-20020a056102195300b004670b1e913bsi107683vsb.481.2024.01.08.10.07.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 10:07:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-955-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KPLEgK7a; spf=pass (google.com: domain of linux-bluetooth+bounces-955-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-955-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id C145C1C21060 for ; Mon, 8 Jan 2024 18:07:54 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7A8E75579C; Mon, 8 Jan 2024 18:00:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="KPLEgK7a" X-Original-To: linux-bluetooth@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E32A054BCA; Mon, 8 Jan 2024 18:00:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPS id 82C0CC433CC; Mon, 8 Jan 2024 18:00:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1704736824; bh=ZPtCBC9L0AvdsOpji1pM9ayh3zDXg4gMWbVp5crgq4Y=; h=Subject:From:Date:References:In-Reply-To:To:Cc:From; b=KPLEgK7a0Glokga2cTTT2aCJjMLwhE7Z6f1CPbXcz5o5TpbDifdNN2Evs6LiRvbl1 ki/W0m7b0LyY4wyhjfP89wzF5FLsCAcCtx8/g/g4niwoZ2Uidec9L1609Gby7cKuyo HLY9ZxjdcQBaHIYBTp1i6XUiBJoiCxwXAVRf3g4KRnWv3ya8++7rpau8dDMu9/HnoG C+7zXt/yWYwk3QEsieL9FvjLUUdDPVbqgIu/O9nipi72oOwAiF/zyFoYQ32OVh+tM7 IqEvcJZEMh4SW14/1H8WO4Eqb+0fV8jc+caUDJaWxQVln84H+Ae1OsyMV1GCItiC8V sf/5ZeHowdriQ== Received: from aws-us-west-2-korg-oddjob-1.ci.codeaurora.org (localhost.localdomain [127.0.0.1]) by aws-us-west-2-korg-oddjob-1.ci.codeaurora.org (Postfix) with ESMTP id 5CA2AD8C977; Mon, 8 Jan 2024 18:00:24 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: Re: [PATCH V3] Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security From: patchwork-bot+bluetooth@kernel.org Message-Id: <170473682437.30343.8024937175045116311.git-patchwork-notify@kernel.org> Date: Mon, 08 Jan 2024 18:00:24 +0000 References: <20240103091043.3379363-1-20373622@buaa.edu.cn> In-Reply-To: <20240103091043.3379363-1-20373622@buaa.edu.cn> To: Yuxuan-Hu <20373622@buaa.edu.cn> Cc: marcel@holtmann.org, johan.hedberg@gmail.com, luiz.dentz@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, baijiaju1990@gmail.com, sy2239101@buaa.edu.cn, pmenzel@molgen.mpg.de Hello: This patch was applied to bluetooth/bluetooth-next.git (master) by Luiz Augusto von Dentz : On Wed, 3 Jan 2024 17:10:43 +0800 you wrote: > During our fuzz testing of the connection and disconnection process at the > RFCOMM layer, we discovered this bug. By comparing the packets from a > normal connection and disconnection process with the testcase that > triggered a KASAN report. We analyzed the cause of this bug as follows: > > 1. In the packets captured during a normal connection, the host sends a > `Read Encryption Key Size` type of `HCI_CMD` packet > (Command Opcode: 0x1408) to the controller to inquire the length of > encryption key.After receiving this packet, the controller immediately > replies with a Command Completepacket (Event Code: 0x0e) to return the > Encryption Key Size. > > [...] Here is the summary with links: - [V3] Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security https://git.kernel.org/bluetooth/bluetooth-next/c/6ec00b0737fe You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html