android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent

Browse Source 
commit 99e67d46e5ff3c7c901af6009edec72d3d363be8 upstream.

Before setting HCI_INQUIRY bit check if HCI_OP_INQUIRY was really sent
otherwise the controller maybe be generating invalid events or, more
likely, it is a result of fuzzing tools attempting to test the right
behavior of the stack when unexpected events are generated.

Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218151
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Luiz Augusto von Dentz 2023-11-20 10:04:39 -05:00 committed by Greg Kroah-Hartman
parent d36d945f94
commit 470896ecbc
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
net/bluetooth/hci_event.c
View File

@ -2301,7 +2301,8 @@ static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
return; return;
} }
set_bit(HCI_INQUIRY, &hdev->flags); if (hci_sent_cmd_data(hdev, HCI_OP_INQUIRY))
set_bit(HCI_INQUIRY, &hdev->flags);
} }
static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)