Commit 3abc53a6 authored Nov 20, 2023 by Luiz Augusto von Dentz Committed by Greg Kroah-Hartman Jan 08, 2024

Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent

commit 99e67d46e5ff3c7c901af6009edec72d3d363be8 upstream.

Before setting HCI_INQUIRY bit check if HCI_OP_INQUIRY was really sent
otherwise the controller maybe be generating invalid events or, more
likely, it is a result of fuzzing tools attempting to test the right
behavior of the stack when unexpected events are generated.

Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218151


Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 54fdb263

net/bluetooth/hci_event.c

+2 −1

Original line number	Original line	Diff line number	Diff line
	@@ -1471,6 +1471,7 @@ static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
	return;		return;
	}		}

			if (hci_sent_cmd_data(hdev, HCI_OP_INQUIRY))
	set_bit(HCI_INQUIRY, &hdev->flags);		set_bit(HCI_INQUIRY, &hdev->flags);
	}		}