Google Git
Sign in
pigweed/third_party/github/zephyrproject-rtos/zephyr/refs/heads/upstream/backport-104913-to-v4.3-branch
commit
ac3741a5bdcabf787a8fd0b08d5f0661c5bf5b93
[log]
author
Oleh Konko <security@1seal.org>
Wed Mar 04 17:54:33 2026 +0100
committer
github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Fri May 01 19:22:53 2026 +0000
tree
ebc043b086e177b2a24c253806cd8708c1e3d5b1
parent
25c4b91f3f277b430804e7ba76c3b3d46fb69539 [diff]
bluetooth: l2cap: validate alloc_buf user data

validate the assumptions about buffers returned by alloc_buf() in the
LE CoC receive path.

if the returned buffer does not provide enough user_data space for the
internal segment counter, disconnect and drop the buffer instead of
reading or writing past the metadata area.

also document that alloc_buf() must return a buffer with at least
sizeof(uint16_t) bytes of user_data.

Signed-off-by: Oleh Konko <security@1seal.org>
(cherry picked from commit 09ad7174e940fde3bdd2e24214ca249c12a41cb8)
2 files changed
tree: ebc043b086e177b2a24c253806cd8708c1e3d5b1
  1. .github/
  2. arch/
  3. boards/
  4. cmake/
  5. doc/
  6. drivers/
  7. dts/
  8. include/
  9. kernel/
  10. lib/
  11. LICENSES/
  12. misc/
  13. modules/
  14. samples/
  15. scripts/
  16. share/
  17. snippets/
  18. soc/
  19. submanifests/
  20. subsys/
  21. tests/
  22. .checkpatch.conf
  23. .clang-format
  24. .codechecker.yml
  25. .codecov.yml
  26. .editorconfig
  27. .gitattributes
  28. .gitignore
  29. .gitlint
  30. .mailmap
  31. .ruff-excludes.toml
  32. .ruff.toml
  33. .yamllint
  34. CMakeLists.txt
  35. CODE_OF_CONDUCT.md
  36. CODEOWNERS
  37. CONTRIBUTING.rst
  38. Kconfig
  39. Kconfig.constants
  40. Kconfig.zephyr
  41. LICENSE
  42. MAINTAINERS.yml
  43. README.rst
  44. REUSE.toml
  45. SDK_VERSION
  46. VERSION
  47. version.h.in
  48. west.yml
  49. zephyr-env.cmd
  50. zephyr-env.sh