git: f8a46de2dd48 - main - bluetooth socket sysinit: correct memset initialization
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 01 Jul 2024 15:24:59 UTC
The branch main has been updated by rlibby:
URL: https://cgit.FreeBSD.org/src/commit/?id=f8a46de2dd481da2bf69747551db30ea453490d5
commit f8a46de2dd481da2bf69747551db30ea453490d5
Author: Ryan Libby <rlibby@FreeBSD.org>
AuthorDate: 2024-07-01 15:22:31 +0000
Commit: Ryan Libby <rlibby@FreeBSD.org>
CommitDate: 2024-07-01 15:22:31 +0000
bluetooth socket sysinit: correct memset initialization
gcc -Wmemset-elt-size diagnosed this. The code was only initializing
the first 1/sizeof(long) bytes. On 64-bit systems, this would mean only
events up to 0x20 were initialized.
This effectively reverses the security policy for some events with
higher ids, now permitting them on unprivileged sockets. Two that are
defined are NG_HCI_EVENT_LE (0x3e) and NG_HCI_EVENT_BT_LOGO (0xfe).
PR: 280039
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D45707
---
sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c b/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c
index b8caf0c515fd..b123322b33aa 100644
--- a/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c
+++ b/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c
@@ -808,8 +808,7 @@ ng_btsocket_hci_raw_init(void *arg __unused)
/* Enable all events */
memset(&ng_btsocket_hci_raw_sec_filter->events, 0xff,
- sizeof(ng_btsocket_hci_raw_sec_filter->events)/
- sizeof(ng_btsocket_hci_raw_sec_filter->events[0]));
+ sizeof(ng_btsocket_hci_raw_sec_filter->events));
/* Disable some critical events */
f = ng_btsocket_hci_raw_sec_filter->events;