Commit 99e67d46 authored by Luiz Augusto von Dentz's avatar Luiz Augusto von Dentz
Browse files

Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent 

Before setting HCI_INQUIRY bit check if HCI_OP_INQUIRY was really sent
otherwise the controller maybe be generating invalid events or, more
likely, it is a result of fuzzing tools attempting to test the right
behavior of the stack when unexpected events are generated.

Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218151


Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
parent 769bf60e

net/bluetooth/hci_event.c

+2 −1
Original line number Diff line number Diff line
@@ -2302,6 +2302,7 @@ static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 
		return;

	}



	if (hci_sent_cmd_data(hdev, HCI_OP_INQUIRY))

		set_bit(HCI_INQUIRY, &hdev->flags);

}