authorRyan Libby <rlibby@FreeBSD.org>2024-07-01 15:22:31 +0000
committerRyan Libby <rlibby@FreeBSD.org>2024-07-01 15:22:31 +0000
commitf8a46de2dd481da2bf69747551db30ea453490d5 (patch)
tree5b6cd00f183ad00733fd9486e220a00666efd238
parent2abea9df01655633aabbb9bf3204c90722001202 (diff)
bluetooth socket sysinit: correct memset initialization
gcc -Wmemset-elt-size diagnosed this.

The code was only initializing the first 1/sizeof(long) of the bytes. On 64-bit systems, this would mean only events up to 0x20 were initialized.

This change effectively reverses the security policy for some events with higher ids, now permitting them on unprivileged sockets. Two that are defined are NG_HCI_EVENT_LE (0x3e) and NG_HCI_EVENT_BT_LOGO (0xfe).

PR: 280039
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D45707
-rw-r--r--sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c b/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c
index b8caf0c515fd..b123322b33aa 100644
--- a/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c
+++ b/sys/netgraph/bluetooth/socket/ng_btsocket_hci_raw.c
@@ -808,8 +808,7 @@ ng_btsocket_hci_raw_init(void *arg __unused)
/* Enable all events */
memset(&ng_btsocket_hci_raw_sec_filter->events, 0xff,
- sizeof(ng_btsocket_hci_raw_sec_filter->events)/
- sizeof(ng_btsocket_hci_raw_sec_filter->events[0]));
+ sizeof(ng_btsocket_hci_raw_sec_filter->events));
/* Disable some critical events */
f = ng_btsocket_hci_raw_sec_filter->events;
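Review bot: With the full-size memset the event filter becomes default-allow across the whole id range, so every event above 0x20 is deliverable to unprivileged sockets unless the "Disable some critical events" list that follows clears its bit; the commit message names NG_HCI_EVENT_LE (0x3e) and NG_HCI_EVENT_BT_LOGO (0xfe) as two such events. That deny list continues past the end of this hunk, so it is worth confirming it was written with the high-numbered events in mind, since until now the short initialization presumably left them denied. I would also make the comment state the policy, e.g. `/* Default-allow: set every event bit; events that must stay privileged are cleared below */`. The body of ng_btsocket_hci_raw_init starts and ends outside the hunk.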