commit | e305509e678b3a4af2b3cfd410f409f7cdaabb52 | [log] [tgz] |
---|---|---|
author | Lin Ma <linma@zju.edu.cn> | Sun May 30 21:37:43 2021 +0800 |
committer | Marcel Holtmann <marcel@holtmann.org> | Mon May 31 14:33:26 2021 +0200 |
tree | 74dfc8160419cf67bc15caebd9617da5f4e2d090 | |
parent | 6a137caec23aeb9e036cdfd8a46dd8a366460e5d [diff] |
Bluetooth: use correct lock to prevent UAF of hdev object The hci_sock_dev_event() function will cleanup the hdev object for sockets even if this object may still be in used within the hci_sock_bound_ioctl() function, result in UAF vulnerability. This patch replace the BH context lock to serialize these affairs and prevent the race condition. Signed-off-by: Lin Ma <linma@zju.edu.cn> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>