diff options
| author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2023-11-20 10:04:39 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-01-08 11:27:36 +0100 |
| commit | e5f7ce90a212be2714577b3dad6459bf45975c2a (patch) | |
| tree | e6afb2607f97acf02ea59cf3efd52625e360bea8 | |
| parent | f08abcc6d56f01f6f7d318d03776997d8b6e02a8 (diff) | |
| download | linux-e5f7ce90a212be2714577b3dad6459bf45975c2a.tar.gz linux-e5f7ce90a212be2714577b3dad6459bf45975c2a.tar.bz2 linux-e5f7ce90a212be2714577b3dad6459bf45975c2a.zip | |
Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent
commit 99e67d46e5ff3c7c901af6009edec72d3d363be8 upstream.
Before setting HCI_INQUIRY bit check if HCI_OP_INQUIRY was really sent
otherwise the controller maybe be generating invalid events or, more
likely, it is a result of fuzzing tools attempting to test the right
behavior of the stack when unexpected events are generated.
Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218151
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | net/bluetooth/hci_event.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 8b59f7808628..7ce6932d9ca6 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -1701,7 +1701,8 @@ static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) return; } - set_bit(HCI_INQUIRY, &hdev->flags); + if (hci_sent_cmd_data(hdev, HCI_OP_INQUIRY)) + set_bit(HCI_INQUIRY, &hdev->flags); } static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) |