Date: Mon, 01 Jul 2024 15:25:11 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280039] bluetooth socket security filter incomplete initialization Message-ID: <bug-280039-7501-9gigjx6Qxs@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-280039-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-280039-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280039 --- Comment #1 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3Df8a46de2dd481da2bf69747551db30ea4= 53490d5 commit f8a46de2dd481da2bf69747551db30ea453490d5 Author: Ryan Libby <rlibby@FreeBSD.org> AuthorDate: 2024-07-01 15:22:31 +0000 Commit: Ryan Libby <rlibby@FreeBSD.org> CommitDate: 2024-07-01 15:22:31 +0000 bluetooth socket sysinit: correct memset initialization gcc -Wmemset-elt-size diagnosed this. The code was only initializing the first 1/sizeof(long) bytes. On 64-bit systems, this would mean only events up to 0x20 were initialized. This effectively reverses the security policy for some events with higher ids, now permitting them on unprivileged sockets. Two that are defined are NG_HCI_EVENT_LE (0x3e) and NG_HCI_EVENT_BT_LOGO (0xfe). PR: 280039 Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D45707 sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280039-7501-9gigjx6Qxs>