linux-bluetooth.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
@ 2021-06-25 15:00 Dan Carpenter
  2021-06-25 16:17 ` bluez.test.bot
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Dan Carpenter @ 2021-06-25 15:00 UTC (permalink / raw)
  To: Marcel Holtmann, Frédéric Dalleau
  Cc: Johan Hedberg, Luiz Augusto von Dentz, Gustavo Padovan,
	linux-bluetooth, kernel-janitors

Smatch complains that some of these struct members are not initialized
leading to a stack information disclosure:

    net/bluetooth/sco.c:778 sco_conn_defer_accept() warn:
    check that 'cp.retrans_effort' doesn't leak information

This seems like a valid warning.  I've added a default case to fix
this issue.  It's sort of unusual to have case SCO_AIRMODE_CVSD,
followed by a default case but I think it's nicely readable.  :)

Fixes: 2f69a82acf6f ("Bluetooth: Use voice setting in deferred SCO connection request")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 net/bluetooth/sco.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index d9a4e88dacbb..e2ee00fea64b 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -770,6 +770,7 @@ static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
 			cp.retrans_effort = 0x02;
 			break;
 		case SCO_AIRMODE_CVSD:
+		default:
 			cp.max_latency = cpu_to_le16(0xffff);
 			cp.retrans_effort = 0xff;
 			break;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* RE: Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
  2021-06-25 15:00 [PATCH] Bluetooth: sco: prevent information leak in sco_conn_defer_accept() Dan Carpenter
@ 2021-06-25 16:17 ` bluez.test.bot
  2021-06-25 19:59   ` Dan Carpenter
  2021-07-08  7:11 ` bluez.test.bot
  2021-07-22 14:14 ` [PATCH] " Marcel Holtmann
  2 siblings, 1 reply; 6+ messages in thread
From: bluez.test.bot @ 2021-06-25 16:17 UTC (permalink / raw)
  To: linux-bluetooth, dan.carpenter

[-- Attachment #1: Type: text/plain, Size: 4055 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=507245

---Test result---

Test Summary:
CheckPatch                    FAIL      0.59 seconds
GitLint                       FAIL      0.13 seconds
BuildKernel                   PASS      689.23 seconds
TestRunner: Setup             PASS      448.25 seconds
TestRunner: l2cap-tester      PASS      3.23 seconds
TestRunner: bnep-tester       PASS      2.14 seconds
TestRunner: mgmt-tester       FAIL      37.90 seconds
TestRunner: rfcomm-tester     PASS      2.62 seconds
TestRunner: sco-tester        PASS      2.46 seconds
TestRunner: smp-tester        PASS      2.53 seconds
TestRunner: userchan-tester   PASS      2.20 seconds

Details
##############################
Test: CheckPatch - FAIL - 0.59 seconds
Run checkpatch.pl script with rule in .checkpatch.conf
Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
WARNING: Unknown commit id '2f69a82acf6f', maybe rebased or not pulled?
#17: 
Fixes: 2f69a82acf6f ("Bluetooth: Use voice setting in deferred SCO connection request")

total: 0 errors, 1 warnings, 0 checks, 7 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

"[PATCH] Bluetooth: sco: prevent information leak in" has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: GitLint - FAIL - 0.13 seconds
Run gitlint with rule in .gitlint
Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
13: B1 Line exceeds max length (87>80): "Fixes: 2f69a82acf6f ("Bluetooth: Use voice setting in deferred SCO connection request")"


##############################
Test: BuildKernel - PASS - 689.23 seconds
Build Kernel with minimal configuration supports Bluetooth


##############################
Test: TestRunner: Setup - PASS - 448.25 seconds
Setup environment for running Test Runner


##############################
Test: TestRunner: l2cap-tester - PASS - 3.23 seconds
Run test-runner with l2cap-tester
Total: 40, Passed: 40 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: bnep-tester - PASS - 2.14 seconds
Run test-runner with bnep-tester
Total: 1, Passed: 1 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: mgmt-tester - FAIL - 37.90 seconds
Run test-runner with mgmt-tester
Total: 446, Passed: 434 (97.3%), Failed: 7, Not Run: 5

Failed Test Cases
Read Ext Controller Info 1                           Failed       0.019 seconds
Read Ext Controller Info 2                           Failed       0.028 seconds
Read Ext Controller Info 3                           Failed       0.021 seconds
Read Ext Controller Info 4                           Failed       0.021 seconds
Read Ext Controller Info 5                           Failed       0.025 seconds
Add Ext Advertising - Success 21 (Timeout expires)   Timed out    3.097 seconds
Multi Ext Advertising - Success 1                    Timed out    2.362 seconds

##############################
Test: TestRunner: rfcomm-tester - PASS - 2.62 seconds
Run test-runner with rfcomm-tester
Total: 9, Passed: 9 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: sco-tester - PASS - 2.46 seconds
Run test-runner with sco-tester
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: smp-tester - PASS - 2.53 seconds
Run test-runner with smp-tester
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: userchan-tester - PASS - 2.20 seconds
Run test-runner with userchan-tester
Total: 3, Passed: 3 (100.0%), Failed: 0, Not Run: 0



---
Regards,
Linux Bluetooth


[-- Attachment #2: l2cap-tester.log --]
[-- Type: application/octet-stream, Size: 44349 bytes --]

[-- Attachment #3: bnep-tester.log --]
[-- Type: application/octet-stream, Size: 3556 bytes --]

[-- Attachment #4: mgmt-tester.log --]
[-- Type: application/octet-stream, Size: 613912 bytes --]

[-- Attachment #5: rfcomm-tester.log --]
[-- Type: application/octet-stream, Size: 11675 bytes --]

[-- Attachment #6: sco-tester.log --]
[-- Type: application/octet-stream, Size: 9912 bytes --]

[-- Attachment #7: smp-tester.log --]
[-- Type: application/octet-stream, Size: 11822 bytes --]

[-- Attachment #8: userchan-tester.log --]
[-- Type: application/octet-stream, Size: 5453 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
  2021-06-25 16:17 ` bluez.test.bot
@ 2021-06-25 19:59   ` Dan Carpenter
  2021-06-25 20:33     ` Luiz Augusto von Dentz
  0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2021-06-25 19:59 UTC (permalink / raw)
  To: linux-bluetooth

On Fri, Jun 25, 2021 at 09:17:26AM -0700, bluez.test.bot@gmail.com wrote:
> ##############################
> Test: CheckPatch - FAIL - 0.59 seconds
> Run checkpatch.pl script with rule in .checkpatch.conf
> Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
> WARNING: Unknown commit id '2f69a82acf6f', maybe rebased or not pulled?

I double checked the commit and it's correct.  It's from 2013 so it's
not clear how the bot got confused.

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
  2021-06-25 19:59   ` Dan Carpenter
@ 2021-06-25 20:33     ` Luiz Augusto von Dentz
  0 siblings, 0 replies; 6+ messages in thread
From: Luiz Augusto von Dentz @ 2021-06-25 20:33 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: linux-bluetooth, An, Tedd

Hi Dan,

On Fri, Jun 25, 2021 at 1:02 PM Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
> On Fri, Jun 25, 2021 at 09:17:26AM -0700, bluez.test.bot@gmail.com wrote:
> > ##############################
> > Test: CheckPatch - FAIL - 0.59 seconds
> > Run checkpatch.pl script with rule in .checkpatch.conf
> > Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
> > WARNING: Unknown commit id '2f69a82acf6f', maybe rebased or not pulled?
>
> I double checked the commit and it's correct.  It's from 2013 so it's
> not clear how the bot got confused.

Yep, Ive seen this before with my own patches, perhaps there is
something with the CI tree which prevents checkpatch to locate the
commit id or something like that, @An, Tedd please have a look at CI
environment what could be causing this problem.

-- 
Luiz Augusto von Dentz

^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
  2021-06-25 15:00 [PATCH] Bluetooth: sco: prevent information leak in sco_conn_defer_accept() Dan Carpenter
  2021-06-25 16:17 ` bluez.test.bot
@ 2021-07-08  7:11 ` bluez.test.bot
  2021-07-22 14:14 ` [PATCH] " Marcel Holtmann
  2 siblings, 0 replies; 6+ messages in thread
From: bluez.test.bot @ 2021-07-08  7:11 UTC (permalink / raw)
  To: linux-bluetooth, dan.carpenter

[-- Attachment #1: Type: text/plain, Size: 3574 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=507245

---Test result---

Test Summary:
CheckPatch                    FAIL      0.45 seconds
GitLint                       FAIL      0.10 seconds
BuildKernel                   PASS      512.78 seconds
TestRunner: Setup             PASS      342.18 seconds
TestRunner: l2cap-tester      PASS      2.73 seconds
TestRunner: bnep-tester       PASS      1.97 seconds
TestRunner: mgmt-tester       PASS      30.46 seconds
TestRunner: rfcomm-tester     PASS      2.13 seconds
TestRunner: sco-tester        PASS      2.07 seconds
TestRunner: smp-tester        FAIL      2.08 seconds
TestRunner: userchan-tester   PASS      2.02 seconds

Details
##############################
Test: CheckPatch - FAIL - 0.45 seconds
Run checkpatch.pl script with rule in .checkpatch.conf
Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
WARNING: Unknown commit id '2f69a82acf6f', maybe rebased or not pulled?
#17: 
Fixes: 2f69a82acf6f ("Bluetooth: Use voice setting in deferred SCO connection request")

total: 0 errors, 1 warnings, 0 checks, 7 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

"[PATCH] Bluetooth: sco: prevent information leak in" has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: GitLint - FAIL - 0.10 seconds
Run gitlint with rule in .gitlint
Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
13: B1 Line exceeds max length (87>80): "Fixes: 2f69a82acf6f ("Bluetooth: Use voice setting in deferred SCO connection request")"


##############################
Test: BuildKernel - PASS - 512.78 seconds
Build Kernel with minimal configuration supports Bluetooth


##############################
Test: TestRunner: Setup - PASS - 342.18 seconds
Setup environment for running Test Runner


##############################
Test: TestRunner: l2cap-tester - PASS - 2.73 seconds
Run test-runner with l2cap-tester
Total: 40, Passed: 40 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: bnep-tester - PASS - 1.97 seconds
Run test-runner with bnep-tester
Total: 1, Passed: 1 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: mgmt-tester - PASS - 30.46 seconds
Run test-runner with mgmt-tester
Total: 446, Passed: 443 (99.3%), Failed: 0, Not Run: 3

##############################
Test: TestRunner: rfcomm-tester - PASS - 2.13 seconds
Run test-runner with rfcomm-tester
Total: 9, Passed: 9 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: sco-tester - PASS - 2.07 seconds
Run test-runner with sco-tester
Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0

##############################
Test: TestRunner: smp-tester - FAIL - 2.08 seconds
Run test-runner with smp-tester
Total: 8, Passed: 7 (87.5%), Failed: 1, Not Run: 0

Failed Test Cases
SMP Client - SC Request 2                            Failed       0.020 seconds

##############################
Test: TestRunner: userchan-tester - PASS - 2.02 seconds
Run test-runner with userchan-tester
Total: 3, Passed: 3 (100.0%), Failed: 0, Not Run: 0



---
Regards,
Linux Bluetooth


[-- Attachment #2: l2cap-tester.log --]
[-- Type: application/octet-stream, Size: 44349 bytes --]

[-- Attachment #3: bnep-tester.log --]
[-- Type: application/octet-stream, Size: 3556 bytes --]

[-- Attachment #4: mgmt-tester.log --]
[-- Type: application/octet-stream, Size: 614403 bytes --]

[-- Attachment #5: rfcomm-tester.log --]
[-- Type: application/octet-stream, Size: 11676 bytes --]

[-- Attachment #6: sco-tester.log --]
[-- Type: application/octet-stream, Size: 9911 bytes --]

[-- Attachment #7: smp-tester.log --]
[-- Type: application/octet-stream, Size: 11704 bytes --]

[-- Attachment #8: userchan-tester.log --]
[-- Type: application/octet-stream, Size: 5452 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
  2021-06-25 15:00 [PATCH] Bluetooth: sco: prevent information leak in sco_conn_defer_accept() Dan Carpenter
  2021-06-25 16:17 ` bluez.test.bot
  2021-07-08  7:11 ` bluez.test.bot
@ 2021-07-22 14:14 ` Marcel Holtmann
  2 siblings, 0 replies; 6+ messages in thread
From: Marcel Holtmann @ 2021-07-22 14:14 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Frédéric Dalleau, Johan Hedberg,
	Luiz Augusto von Dentz, Gustavo Padovan, linux-bluetooth,
	kernel-janitors

Hi Dan,

> Smatch complains that some of these struct members are not initialized
> leading to a stack information disclosure:
> 
>    net/bluetooth/sco.c:778 sco_conn_defer_accept() warn:
>    check that 'cp.retrans_effort' doesn't leak information
> 
> This seems like a valid warning.  I've added a default case to fix
> this issue.  It's sort of unusual to have case SCO_AIRMODE_CVSD,
> followed by a default case but I think it's nicely readable.  :)
> 
> Fixes: 2f69a82acf6f ("Bluetooth: Use voice setting in deferred SCO connection request")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> net/bluetooth/sco.c | 1 +
> 1 file changed, 1 insertion(+)

I actually prefer a separate default statement since otherwise I get confused. Your patch with that minor change has been applied to bluetooth-next tree.

Regards

Marcel


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2021-07-22 14:14 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-25 15:00 [PATCH] Bluetooth: sco: prevent information leak in sco_conn_defer_accept() Dan Carpenter
2021-06-25 16:17 ` bluez.test.bot
2021-06-25 19:59   ` Dan Carpenter
2021-06-25 20:33     ` Luiz Augusto von Dentz
2021-07-08  7:11 ` bluez.test.bot
2021-07-22 14:14 ` [PATCH] " Marcel Holtmann

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).