From patchwork Wed Jan 13 09:14:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Schmid, Carsten" X-Patchwork-Id: 12016239 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B1004C433DB for ; Wed, 13 Jan 2021 09:24:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 69AE0233E2 for ; Wed, 13 Jan 2021 09:24:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726951AbhAMJY6 (ORCPT ); Wed, 13 Jan 2021 04:24:58 -0500 Received: from esa3.mentor.iphmx.com ([68.232.137.180]:57967 "EHLO esa3.mentor.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726475AbhAMJY6 (ORCPT ); Wed, 13 Jan 2021 04:24:58 -0500 X-Greylist: delayed 591 seconds by postgrey-1.27 at vger.kernel.org; Wed, 13 Jan 2021 04:24:57 EST IronPort-SDR: oQx+oW3YgQ34GUkiRWB/lbjxIo/sXT4IDXADHu5MoXOmTQ4Oty5nGwtoL/GwG7gtYvlr+IDlJv hO14eXMICsGBwGmvO6h2iivyokdjWHmRpvXvQDfevPmeVKKiWtxIZl55CNZSGUm4VXHaHhAowR CkFkZ5bnUkze7g9BXNU+pCm/yb3KUCYtIuAaZkFJyJvHOvWeWoMhBpKK/wmBjuLrTGry1ObGZF wjoFwb5Y9UaNcky68ghBD31ZbfeK0BjLzgJa6kdOAYgKp3GhAxZXHwCc3jbPFudoE4F3OOUFqU XZY= X-IronPort-AV: E=Sophos;i="5.79,343,1602576000"; d="scan'208";a="57025122" Received: from orw-gwy-01-in.mentorg.com ([192.94.38.165]) by esa3.mentor.iphmx.com with ESMTP; 13 Jan 2021 01:14:10 -0800 IronPort-SDR: v+yBA8g8gSN1j3hSW+HqpyVzdeOKAwBOKODYOZ07cegDo5g5yF/Tn8REgajk0wxZc96GIRUz5K jAUxb97Ox1zjnFxhoQlugYVN3VHa8gIIV2bexLK3xcRkr1q7Skx8Q/2vboK/SM+YY7dt2dXVz6 WwXHLw9dv51uZCPbjFD+hBANL8p6pQXUYN46Y4z/0coQ0VQopjycz/duRUtT8mEqt2y9nR7Qfm lk6Ekw1188TpilbOzEOhpwzj+JPDXvTL20Tgq2vy0gEEevRsggrBfBZOovsWoyJttrRD/2/S/8 KiA= From: "Schmid, Carsten" To: "marcel@holtmann.org" , "luiz.dentz@gmail.com" CC: "linux-bluetooth@vger.kernel.org" Subject: [PATCH] Bluetooth: A2MP: Fix zeroing rsp ID field Thread-Topic: [PATCH] Bluetooth: A2MP: Fix zeroing rsp ID field Thread-Index: AdbpjDEpj2Bt5FvMTi+VqXfLqRQOOg== Date: Wed, 13 Jan 2021 09:14:05 +0000 Message-ID: <96880a534a9c477c87ee9f57fa6ff7fd@SVR-IES-MBX-03.mgc.mentorg.com> Accept-Language: de-DE, en-IE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [137.202.0.90] MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Marcel, Luiz, i have prepared a patch for the erroneous zeroing of rsp.id. See below. Best regards Carsten ------------- From 495748ae3072c328f92435fd184fd278f763de84 Mon Sep 17 00:00:00 2001 From: Carsten Schmid Date: Wed, 13 Jan 2021 09:34:51 +0100 Subject: [PATCH] Bluetooth: A2MP: Fix zeroing rsp ID field Patch "Bluetooth: A2MP: Fix not initializing all members" has one place where the stack variable rsp.id is zeroed with memset after initializing it. Fix this by zeroing the stack variable and setting rsp.id after. Detected-by: Tobias Kaufmann Cc: stable@vger.kernel.org Fixes: eddb7732119d ("Bluetooth: A2MP: Fix not initializing all members") Signed-off-by: Carsten Schmid --- net/bluetooth/a2mp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.17.1 ----------------- Mentor Graphics (Deutschland) GmbH, Arnulfstraße 201, 80634 München / Germany Registergericht München HRB 106955, Geschäftsführer: Thomas Heurung, Alexander Walter diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c index da7fd7c8c2dc..64e737883a0e 100644 --- a/net/bluetooth/a2mp.c +++ b/net/bluetooth/a2mp.c @@ -381,10 +381,10 @@ static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb, hdev = hci_dev_get(req->id); if (!hdev || hdev->amp_type == AMP_TYPE_BREDR || tmp) { struct a2mp_amp_assoc_rsp rsp; -rsp.id = req->id; - memset(&rsp, 0, sizeof(rsp)); +rsp.id = req->id; + if (tmp) { rsp.status = A2MP_STATUS_COLLISION_OCCURED; amp_mgr_put(tmp);