linux/bluetooth at 1c172febdf065375359b2b95156e476bfee30b60 - linux - Nytegear Gitea

mirrors/linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-04-02 01:08:26 -04:00

Files

History

Jianpeng Chang 1b9c17fd0a Bluetooth: MGMT: Fix memory leak in set_ssp_complete

Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures
are not freed after being removed from the pending list.

Commit 302a1f674c ("Bluetooth: MGMT: Fix possible UAFs") replaced
mgmt_pending_foreach() calls with individual command handling but missed
adding mgmt_pending_free() calls in both error and success paths of
set_ssp_complete(). Other completion functions like set_le_complete()
were fixed correctly in the same commit.

This causes a memory leak of the mgmt_pending_cmd structure and its
associated parameter data for each SSP command that completes.

Add the missing mgmt_pending_free(cmd) calls in both code paths to fix
the memory leak. Also fix the same issue in set_advertising_complete().

Fixes: 302a1f674c ("Bluetooth: MGMT: Fix possible UAFs")
Signed-off-by: Jianpeng Chang <jianpeng.chang.cn@windriver.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

2026-01-22 13:26:53 -05:00

..

Bluetooth: bnep: fix wild-memory-access in proto_unregister

2024-10-16 16:10:03 -04:00

Bluetooth: CMTP: Mark BT_CMTP as DEPRECATED

2024-09-10 13:07:08 -04:00

treewide, timers: Rename from_timer() to timer_container_of()

2025-06-08 09:07:37 +02:00

net: Convert proto_ops connect() callbacks to use sockaddr_unsized

2025-11-04 19:10:32 -08:00

6lowpan.c

Bluetooth: 6lowpan: add missing l2cap_chan_lock()

2025-11-10 16:08:41 -05:00

af_bluetooth.c

Bluetooth: ISO: add socket option to report packet seqnum via CMSG

2025-07-23 10:31:19 -04:00

aosp.c

Bluetooth: aosp: Fix typo in comment

2025-07-23 10:30:18 -04:00

aosp.h

Bluetooth: aosp: Support AOSP Bluetooth Quality Report

2021-11-02 19:37:52 +01:00

coredump.c

Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv

2025-07-23 10:33:57 -04:00

ecdh_helper.c

Bluetooth: Use crypto_wait_req

2023-02-13 18:34:48 +08:00

ecdh_helper.h

Fix misc new gcc warnings

2021-04-27 17:05:53 -07:00

eir.c

Bluetooth: eir: Fix possible crashes on eir_create_adv_data

2025-06-11 16:29:22 -04:00

eir.h

Bluetooth: eir: Fix possible crashes on eir_create_adv_data

2025-06-11 16:29:22 -04:00

hci_codec.c

Bluetooth: Fix support for Read Local Supported Codecs V2

2022-12-02 13:09:31 -08:00

hci_codec.h

Bluetooth: Add support for Read Local Supported Codecs V2

2021-09-07 14:09:18 -07:00

hci_conn.c

Bluetooth: HCI: Always use the identity address when initializing a connection

2025-12-01 16:00:06 -05:00

hci_core.c

Bluetooth: hci_core: lookup hci_conn on RX path on protocol side

2025-11-20 17:01:09 -05:00

hci_debugfs.c

Bluetooth: hci_dev: replace 'quirks' integer by 'quirk_flags' bitmap

2025-07-16 15:37:53 -04:00

hci_debugfs.h

Bluetooth: hci_core: Move all debugfs handling to hci_debugfs.c

2021-09-22 16:17:13 +02:00

hci_drv.c

Bluetooth: Introduce HCI Driver protocol

2025-05-21 10:28:07 -04:00

hci_event.c

Bluetooth: HCI: Add support for LL Extended Feature Set

2025-12-01 16:21:16 -05:00

hci_sock.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2025-11-27 12:19:08 -08:00

hci_sync.c

Bluetooth: hci_sync: enable PA Sync Lost event

2026-01-09 16:03:57 -05:00

hci_sysfs.c

Bluetooth: Allow reset via sysfs

2025-01-15 10:37:07 -05:00

iso.c

Bluetooth: iso: fix socket matching ambiguity between BIS and CIS

2025-12-01 16:00:07 -05:00

Kconfig

Bluetooth: Remove BT_HS

2024-03-06 17:22:39 -05:00

l2cap_core.c

Bluetooth: hci_core: lookup hci_conn on RX path on protocol side

2025-11-20 17:01:09 -05:00

l2cap_sock.c

net: Convert proto_ops connect() callbacks to use sockaddr_unsized

2025-11-04 19:10:32 -08:00

leds.c

Bluetooth: Use led_set_brightness() in LED trigger activate() callback

2024-09-10 13:06:11 -04:00

leds.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500

2019-06-19 17:09:55 +02:00

lib.c

Bluetooth: Fix typos in comments

2025-07-23 10:30:48 -04:00

Makefile

Bluetooth: Introduce HCI Driver protocol

2025-05-21 10:28:07 -04:00

mgmt_config.c

Bluetooth: Avoid a couple dozen -Wflex-array-member-not-at-end warnings

2025-09-27 11:37:43 -04:00

mgmt_config.h

Bluetooth: mgmt: Add commands for runtime configuration

2020-06-18 13:11:03 +03:00

mgmt_util.c

Bluetooth: MGMT: Fix possible UAFs

2025-09-22 10:30:00 -04:00

mgmt_util.h

Bluetooth: MGMT: Fix possible UAFs

2025-09-22 10:30:00 -04:00

mgmt.c

Bluetooth: MGMT: Fix memory leak in set_ssp_complete

2026-01-22 13:26:53 -05:00

msft.c

Bluetooth: hci_dev: replace 'quirks' integer by 'quirk_flags' bitmap

2025-07-16 15:37:53 -04:00

msft.h

Bluetooth: msft: fix slab-use-after-free in msft_do_close()

2024-05-03 13:05:28 -04:00

sco.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2025-11-27 12:19:08 -08:00

selftest.c

crypto: ecdh - move curve_id of ECDH from the key to algorithm name

2021-03-13 00:04:03 +11:00

selftest.h

Bluetooth: Add support for self testing framework

2014-12-30 08:53:55 +02:00

smp.c

Bluetooth: SMP: Fix not generating mackey and ltk when repairing

2025-11-20 17:02:07 -05:00

smp.h

Bluetooth: SMP: If an unallowed command is received consider it a failure

2025-07-16 15:33:30 -04:00