From nobody Mon Jul 1 15:25:11 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WCVGb70Vpz5P7vX for ; Mon, 01 Jul 2024 15:25:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WCVGb5VZ6z46bL for ; Mon, 1 Jul 2024 15:25:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1719847511; a=rsa-sha256; cv=none; b=hfKj0l51MNDC/o7tJdrsgvgCjbQ8gdRGgBMsdCf2WvrZG2Fkvi+a5VfkvJqaqHeD4YOPPC YD5pQHQ3uWg3Odbg/1wdT8/5erL17JxUwrfQD0LJ9kn6q4NDYN7OxquiG4Eo4Gu316Zv78 8FCrZYXzTi4KchuE4wgn75anoFSPXoK2oUihBZX3UZgvcnhMQ0B3uVxEOutsj0U3+gT6R8 8MAmFcXyjrXLShaq1Is1I0AQioHTEu155LeSThGn5VdrZwa9JVkYkeQulEfiFb0CNtDq4b Ut4eB5ZfDCKFXTG6jZsuVtgn5hPsCApPqw7sYCpVSaJgCF9NaxTl/uEQsiUalQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1719847511; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XkWK45LC8Yz0/G57nGgKPQTpHt5KFSgCimYpyLos3I8=; b=jjmwUwS10JIEFrEB4uk0LGOT1P5mAEj/b0+kBA48jYCQ4OLP1etnhh9EYAaXb1yxSRJbpe FPrYVkAfHO3sesscn5LC+WiJAdosO4eO6PwHtMqNYnUDxdjMHvIuquJm6GlbXobtIE7jLl VS8wK791fa/JeUIxD7qf3zsO5AJjUF5B3azzf4g079Cw7V7WeGxR2lXAii9h82kPh5P2a6 w7phW6ckHqQsdj7UeIGsE8Awp3I4OEFXrVqoJ1+bcyyA1p1WNEUXaUlV8OSyMk4V8qDAGw OmHIgODHikLmjtS4DMbxgZGjAL6MIETSe/UVBbiv6kv3DbVkDBrQ7vbE5CkEVg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WCVGb50JCz19BT for ; Mon, 1 Jul 2024 15:25:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 461FPBES032345 for ; Mon, 1 Jul 2024 15:25:11 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 461FPBFK032344 for net@FreeBSD.org; Mon, 1 Jul 2024 15:25:11 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280039] bluetooth socket security filter incomplete initialization Date: Mon, 01 Jul 2024 15:25:11 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280039 --- Comment #1 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3Df8a46de2dd481da2bf69747551db30ea4= 53490d5 commit f8a46de2dd481da2bf69747551db30ea453490d5 Author: Ryan Libby AuthorDate: 2024-07-01 15:22:31 +0000 Commit: Ryan Libby CommitDate: 2024-07-01 15:22:31 +0000 bluetooth socket sysinit: correct memset initialization gcc -Wmemset-elt-size diagnosed this. The code was only initializing the first 1/sizeof(long) bytes. On 64-bit systems, this would mean only events up to 0x20 were initialized. This effectively reverses the security policy for some events with higher ids, now permitting them on unprivileged sockets. Two that are defined are NG_HCI_EVENT_LE (0x3e) and NG_HCI_EVENT_BT_LOGO (0xfe). PR: 280039 Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D45707 sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=