| Message ID | 20221206131752.153365-5-cengiz.can@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | None | expand |
On 06.12.22 14:17, Cengiz Can wrote: > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > l2cap_global_chan_by_psm shall not return fixed channels as they are not > meant to be connected by (S)PSM. > > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com> > CVE-2022-42896 > (cherry picked from commit f937b758a188d6fd328a81367087eddbb2fce50f) > Signed-off-by: Cengiz Can <cengiz.can@canonical.com> > --- Applied to focal:linux/master-next. Thanks. -Stefan > net/bluetooth/l2cap_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c > index 6f32f728b978..92dcc5742b54 100644 > --- a/net/bluetooth/l2cap_core.c > +++ b/net/bluetooth/l2cap_core.c > @@ -1833,7 +1833,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, > if (link_type == LE_LINK && c->src_type == BDADDR_BREDR) > continue; > > - if (c->psm == psm) { > + if (c->chan_type != L2CAP_CHAN_FIXED && c->psm == psm) { > int src_match, dst_match; > int src_any, dst_any; >
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 6f32f728b978..92dcc5742b54 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -1833,7 +1833,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, if (link_type == LE_LINK && c->src_type == BDADDR_BREDR) continue; - if (c->psm == psm) { + if (c->chan_type != L2CAP_CHAN_FIXED && c->psm == psm) { int src_match, dst_match; int src_any, dst_any;