]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent
authorLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Mon, 20 Nov 2023 15:04:39 +0000 (10:04 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 8 Jan 2024 10:25:04 +0000 (11:25 +0100)
commit 99e67d46e5ff3c7c901af6009edec72d3d363be8 upstream.

Before setting HCI_INQUIRY bit check if HCI_OP_INQUIRY was really sent
otherwise the controller maybe be generating invalid events or, more
likely, it is a result of fuzzing tools attempting to test the right
behavior of the stack when unexpected events are generated.

Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218151
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/bluetooth/hci_event.c

index bf863cf845bb171e3c96a3fbe88a7ebe596bef2e..07605fcc9091ef822b17ec495b42e9e4b4161711 100644 (file)
@@ -1471,7 +1471,8 @@ static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
                return;
        }
 
-       set_bit(HCI_INQUIRY, &hdev->flags);
+       if (hci_sent_cmd_data(hdev, HCI_OP_INQUIRY))
+               set_bit(HCI_INQUIRY, &hdev->flags);
 }
 
 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)