[PW_SID:573401] Bluetooth: stop processing malicious adv data #602

Closed

BluezTestBot

Syzbot reported slab-out-of-bounds read in hci_le_adv_report_evt(). The
problem was in missing validation check.

We should check if data is not malicious and we can read next data block.
If we won't check ptr validness, code can read way beyond skb->end and
it can cause problems, of course.

Fixes: e95beb4 ("Bluetooth: hci_le_adv_report_evt code refactoring")
Reported-and-tested-by: syzbot+e3fcb9c4f3c2a931dc40@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
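
The bounds check the commit message calls for, sketched as a stand-alone userspace parser; this is an added example, not the kernel patch or BlueZ code. It assumes the LE Advertising Report layout from the Bluetooth Core Specification (Num_Reports, then per report a 9-byte header ending in a length byte, the data, and one RSSI byte); `parse_adv_reports`, the macros and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ADV_HDR_LEN 9u  /* evt_type(1) + addr_type(1) + addr(6) + data_len(1) */
#define MAX_AD_LEN 31u  /* legacy advertising data limit */

/* Constructed samples: one valid report, then two malformed variants. */
static const uint8_t good[] = { 1, 0, 0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
                                3, 0x02, 0x01, 0x06, 0xC4 };
static const uint8_t bad_count[] = { 2, 0, 0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
                                     3, 0x02, 0x01, 0x06, 0xC4 };
static const uint8_t bad_len[] = { 1, 0, 0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
                                   31, 0x02, 0x01, 0x06, 0xC4 };

/* Hypothetical parser: returns the number of reports accepted, or -1 as soon
 * as a report would extend past the end of the buffer. */
int parse_adv_reports(const uint8_t *buf, size_t len, int8_t *last_rssi)
{
    size_t off = 1; /* buf[0] is Num_Reports */
    int accepted = 0;

    if (len < 1)
        return -1;
    for (uint8_t n = buf[0]; n > 0; n--) {
        /* The fixed header must fit before its length byte is read. */
        if (len - off < ADV_HDR_LEN)
            return -1;
        size_t data_len = buf[off + ADV_HDR_LEN - 1];
        /* The data and the trailing RSSI byte must fit as well. */
        if (len - off - ADV_HDR_LEN < data_len + 1)
            return -1;
        if (data_len <= MAX_AD_LEN) { /* oversized reports are skipped */
            *last_rssi = (int8_t)buf[off + ADV_HDR_LEN + data_len];
            accepted++;
        }
        off += ADV_HDR_LEN + data_len + 1;
    }
    return accepted;
}

int main(void)
{
    int8_t rssi = 0;
    printf("good:      %d\n", parse_adv_reports(good, sizeof(good), &rssi));
    printf("bad_count: %d\n", parse_adv_reports(bad_count, sizeof(bad_count), &rssi));
    printf("bad_len:   %d\n", parse_adv_reports(bad_len, sizeof(bad_len), &rssi));
    return 0;
}
```

Both malformed buffers are rejected before any byte past `len` is read: `bad_count` claims a second report that is not there, and `bad_len` claims more data than the buffer holds.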

tedd-an and others added 2 commits November 1, 2021 06:45
This patch adds workflow files for ci:

[schedule_work.yml]
 - The workflow file for scheduled work
 - Sync the repo with upstream repo and rebase the workflow branch
 - Review the patches in the patchwork and create the PR if needed

[ci.yml]
 - The workflow file for CI tasks
 - Run CI tests when PR is created

Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com>

Syzbot reported slab-out-of-bounds read in hci_le_adv_report_evt(). The
problem was in missing validation check.

We should check if data is not malicious and we can read next data block.
If we won't check ptr validness, code can read way beyond skb->end and
it can cause problems, of course.

Fixes: e95beb4 ("Bluetooth: hci_le_adv_report_evt code refactoring")
Reported-and-tested-by: syzbot+e3fcb9c4f3c2a931dc40@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>

github-actions bot commented Nov 1, 2021

CheckPatch
Test ID: checkpatch
Desc: Run checkpatch.pl script with rule in .checkpatch.conf
Duration: 1.46 seconds
Result: FAIL
Output:

Bluetooth: stop proccessing malicious adv data
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#91: 
Reported-and-tested-by: syzbot+e3fcb9c4f3c2a931dc40@syzkaller.appspotmail.com

CHECK:SPACING: No space is necessary after a cast
#116: FILE: net/bluetooth/hci_event.c:5795:
+		if (ptr > (void *) skb_tail_pointer(skb) - sizeof(*ev)) {

total: 0 errors, 1 warnings, 1 checks, 20 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/12595947.patch has style problems, please review.

NOTE: Ignored message types: UNKNOWN_COMMIT_ID

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


github-actions bot commented Nov 1, 2021

GitLint
Test ID: gitlint
Desc: Run gitlint with rule in .gitlint
Duration: 0.89 seconds
Result: PASS


github-actions bot commented Nov 1, 2021

BuildKernel
Test ID: buildkernel
Desc: Build Kernel with minimal configuration supports Bluetooth
Duration: 531.50 seconds
Result: PASS


github-actions bot commented Nov 1, 2021

TestRunner: Setup
Test ID: testrunnersetup
Desc: Setup environment for running Test Runner
Duration: 391.20 seconds
Result: PASS


github-actions bot commented Nov 1, 2021

TestRunner: l2cap-tester
Test ID: testrunnerl2cap-tester
Desc: Run test-runner with l2cap-tester
Duration: 8.64 seconds
Result: PASS
Output:

Total: 40, Passed: 40 (100.0%), Failed: 0, Not Run: 0


github-actions bot commented Nov 1, 2021

TestRunner: bnep-tester
Test ID: testrunnerbnep-tester
Desc: Run test-runner with bnep-tester
Duration: 4.81 seconds
Result: PASS
Output:

Total: 1, Passed: 1 (100.0%), Failed: 0, Not Run: 0


github-actions bot commented Nov 1, 2021

TestRunner: mgmt-tester
Test ID: testrunnermgmt-tester
Desc: Run test-runner with mgmt-tester
Duration: 84.68 seconds
Result: FAIL
Output:

Total: 468, Passed: 463 (98.9%), Failed: 5, Not Run: 0

Failed Test Cases
Read Ext Controller Info 1                           Failed       0.101 seconds
Read Ext Controller Info 2                           Failed       0.112 seconds
Read Ext Controller Info 3                           Failed       0.096 seconds
Read Ext Controller Info 4                           Failed       0.098 seconds
Read Ext Controller Info 5                           Failed       0.112 seconds


github-actions bot commented Nov 1, 2021

TestRunner: rfcomm-tester
Test ID: testrunnerrfcomm-tester
Desc: Run test-runner with rfcomm-tester
Duration: 5.98 seconds
Result: PASS
Output:

Total: 9, Passed: 9 (100.0%), Failed: 0, Not Run: 0


github-actions bot commented Nov 1, 2021

TestRunner: sco-tester
Test ID: testrunnersco-tester
Desc: Run test-runner with sco-tester
Duration: 6.12 seconds
Result: PASS
Output:

Total: 12, Passed: 12 (100.0%), Failed: 0, Not Run: 0


github-actions bot commented Nov 1, 2021

TestRunner: smp-tester
Test ID: testrunnersmp-tester
Desc: Run test-runner with smp-tester
Duration: 5.95 seconds
Result: PASS
Output:

Total: 8, Passed: 8 (100.0%), Failed: 0, Not Run: 0


github-actions bot commented Nov 1, 2021

TestRunner: userchan-tester
Test ID: testrunneruserchan-tester
Desc: Run test-runner with userchan-tester
Duration: 5.08 seconds
Result: PASS
Output:

Total: 4, Passed: 4 (100.0%), Failed: 0, Not Run: 0

@github-actions github-actions bot force-pushed the workflow branch 17 times, most recently from 1bcd5d2 to 8f31ee6 Compare November 2, 2021 01:39
@github-actions github-actions bot force-pushed the workflow branch 28 times, most recently from 2cdb3af to a96d49d Compare November 4, 2021 18:44
@BluezTestBot BluezTestBot deleted the 573401 branch November 4, 2021 18:51