linux/net/bluetooth
Ignat Korchagin 3945c799f1 Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()

bt_sock_alloc() attaches allocated sk object to the provided sock object.
If rfcomm_dlc_alloc() fails, we release the sk object, but leave the
dangling pointer in the sock object, which may cause use-after-free.

Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc().

Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241014153808.51894-4-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-10-15 18:43:08 -07:00
bnep move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
cmtp Bluetooth: CMTP: Mark BT_CMTP as DEPRECATED 2024-09-10 13:07:08 -04:00
hidp Bluetooth: Init sk_peer_* on bt_sock_alloc 2023-08-11 11:37:22 -07:00
rfcomm Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() 2024-10-15 18:43:08 -07:00
6lowpan.c ipv6: introduce dst_rt6_info() helper 2024-04-29 13:32:01 +01:00
Kconfig Bluetooth: Remove BT_HS 2024-03-06 17:22:39 -05:00
Makefile Bluetooth: Remove hci_request.{c,h} 2024-07-15 10:11:35 -04:00
af_bluetooth.c Bluetooth: af_bluetooth: Fix deadlock 2024-03-06 17:26:25 -05:00
aosp.c
aosp.h
coredump.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
ecdh_helper.c Bluetooth: Use crypto_wait_req 2023-02-13 18:34:48 +08:00
ecdh_helper.h
eir.c Bluetooth: Fix eir name length 2024-03-08 10:22:17 -05:00
eir.h move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
hci_codec.c Bluetooth: Fix support for Read Local Supported Codecs V2 2022-12-02 13:09:31 -08:00
hci_codec.h
hci_conn.c Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync 2024-10-04 16:54:17 -04:00
hci_core.c Including fixes from ieee802154, bluetooth and netfilter. 2024-10-03 09:44:00 -07:00
hci_debugfs.c Bluetooth: Remove hci_request.{c,h} 2024-07-15 10:11:35 -04:00
hci_debugfs.h
hci_event.c Including fixes from ieee802154, bluetooth and netfilter. 2024-10-03 09:44:00 -07:00
hci_sock.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
hci_sync.c Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL 2024-09-10 13:07:24 -04:00
hci_sysfs.c Bluetooth: Fix double free in hci_conn_cleanup 2023-10-23 11:05:11 -07:00
iso.c Bluetooth: iso: remove unused struct 'iso_list_data' 2024-07-14 21:34:31 -04:00
l2cap_core.c Bluetooth: L2CAP: Fix uaf in l2cap_connect 2024-09-27 10:52:18 -04:00
l2cap_sock.c Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() 2024-10-15 18:43:07 -07:00
leds.c Bluetooth: Use led_set_brightness() in LED trigger activate() callback 2024-09-10 13:06:11 -04:00
leds.h
lib.c Bluetooth: Add documentation to exported functions in lib 2023-12-22 12:54:55 -05:00
mgmt.c Including fixes from ieee802154, bluetooth and netfilter. 2024-10-03 09:44:00 -07:00
mgmt_config.c
mgmt_config.h
mgmt_util.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
mgmt_util.h Bluetooth: Fix a buffer overflow in mgmt_mesh_add() 2023-01-17 15:50:10 -08:00
msft.c Bluetooth: Remove hci_request.{c,h} 2024-07-15 10:11:35 -04:00
msft.h Bluetooth: msft: fix slab-use-after-free in msft_do_close() 2024-05-03 13:05:28 -04:00
sco.c net-accept-more-20240515 2024-05-18 10:32:39 -07:00
selftest.c
selftest.h
smp.c Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" 2024-08-30 17:56:53 -04:00
smp.h