[Bug 280039] bluetooth socket security filter incomplete initialization

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 01 Jul 2024 15:25:11 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280039

--- Comment #1 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=f8a46de2dd481da2bf69747551db30ea453490d5

commit f8a46de2dd481da2bf69747551db30ea453490d5
Author:     Ryan Libby <rlibby@FreeBSD.org>
AuthorDate: 2024-07-01 15:22:31 +0000
Commit:     Ryan Libby <rlibby@FreeBSD.org>
CommitDate: 2024-07-01 15:22:31 +0000

    bluetooth socket sysinit: correct memset initialization

    gcc -Wmemset-elt-size diagnosed this.  The code was only initializing
    the first 1/sizeof(long) bytes.  On 64-bit systems, this would mean only
    events up to 0x20 were initialized.

    This effectively reverses the security policy for some events with
    higher ids, now permitting them on unprivileged sockets.  Two that are
    defined are NG_HCI_EVENT_LE (0x3e) and NG_HCI_EVENT_BT_LOGO (0xfe).

    PR:             280039
    Reviewed by:    imp
    Differential Revision:  https://reviews.freebsd.org/D45707

 sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.