diff options
| author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2023-11-20 10:04:39 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-01-01 12:42:40 +0000 |
| commit | 90d6a3974771395cebc8d97e8ec69d5444f65d5d (patch) | |
| tree | 91a7805404140fcada401f64a8471d3b01c202cb /net | |
| parent | 9c7560192619eb9c7f3204ff15e03dce0a73d15d (diff) | |
| download | linux-stable-90d6a3974771395cebc8d97e8ec69d5444f65d5d.tar.gz linux-stable-90d6a3974771395cebc8d97e8ec69d5444f65d5d.tar.bz2 linux-stable-90d6a3974771395cebc8d97e8ec69d5444f65d5d.zip | |
Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent
commit 99e67d46e5ff3c7c901af6009edec72d3d363be8 upstream.
Before setting HCI_INQUIRY bit check if HCI_OP_INQUIRY was really sent
otherwise the controller maybe be generating invalid events or, more
likely, it is a result of fuzzing tools attempting to test the right
behavior of the stack when unexpected events are generated.
Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218151
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/hci_event.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 3661f8cdbab7..152a1834838d 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2305,7 +2305,8 @@ static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) return; } - set_bit(HCI_INQUIRY, &hdev->flags); + if (hci_sent_cmd_data(hdev, HCI_OP_INQUIRY)) + set_bit(HCI_INQUIRY, &hdev->flags); } static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) |