bluetooth: Prevent stack info leak from the EFS element.

author Ben Seri <ben@armis.com>

Mon, 4 Dec 2017 14:13:25 +0000 (14:13 +0000)

committer Ben Hutchings <ben@decadent.org.uk>

Sun, 14 Jan 2018 19:45:05 +0000 (19:45 +0000)
author Ben Seri <ben@armis.com>
Mon, 4 Dec 2017 14:13:25 +0000 (14:13 +0000)
committer Ben Hutchings <ben@decadent.org.uk>
Sun, 14 Jan 2018 19:45:05 +0000 (19:45 +0000)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c

index 43ba91c440bcd65bd9f24258a28d01492cf6ac13..fc6615d5916524c446a9f4f952f2f8b7b5b67e16 100644 (file)
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3363,9 +3363,10 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data
                         break;
  
                 case L2CAP_CONF_EFS:
-                       remote_efs = 1;
-                       if (olen == sizeof(efs))
+                       if (olen == sizeof(efs)) {
+                               remote_efs = 1;
                                 memcpy(&efs, (void *) val, olen);
+                       }
                         break;
  
                 case L2CAP_CONF_EWS:
@@ -3584,16 +3585,17 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
                         break;
  
                 case L2CAP_CONF_EFS:
-                       if (olen == sizeof(efs))
+                       if (olen == sizeof(efs)) {
                                 memcpy(&efs, (void *)val, olen);
  
-                       if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
-                           efs.stype != L2CAP_SERV_NOTRAFIC &&
-                           efs.stype != chan->local_stype)
-                               return -ECONNREFUSED;
+                               if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
+                                   efs.stype != L2CAP_SERV_NOTRAFIC &&
+                                   efs.stype != chan->local_stype)
+                                       return -ECONNREFUSED;
  
-                       l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
-                                          (unsigned long) &efs, endptr - ptr);
+                               l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
+                                                  (unsigned long) &efs, endptr - ptr);
+                       }
                         break;
  
                 case L2CAP_CONF_FCS:
author	Ben Seri <ben@armis.com>
	Mon, 4 Dec 2017 14:13:25 +0000 (14:13 +0000)
committer	Ben Hutchings <ben@decadent.org.uk>
	Sun, 14 Jan 2018 19:45:05 +0000 (19:45 +0000)