diff options
| author | Michael Bestas <mkbestas@lineageos.org> | 2020-10-23 18:21:25 +0300 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2020-10-23 18:21:25 +0300 |
| commit | 794b42a9a5fd60bd14413abedafdd2a9b07b1308 (patch) | |
| tree | 2c00d2a954de42f9dc54b3a7894c1ad99a2e8a8b /include/net | |
| parent | 24b3bdcf71522f4d711958b01e8a8f234fe2450d (diff) | |
| parent | 7a9986e91f90994623e4c5de1effce14729dba96 (diff) | |
Merge branch 'android-4.4-p' of https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-06000-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
7a9986e91f909 UPSTREAM: binder: fix UAF when releasing todo list
Conflicts:
fs/eventpoll.c
Change-Id: I77260d03cb539d7e7eefcea360aee2d59bb9e0cb
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/bluetooth/hci_core.h | 30 | ||||
| -rw-r--r-- | include/net/xfrm.h | 16 |
2 files changed, 30 insertions, 16 deletions
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 7c0c83dfe86e..5aaf6cdb121a 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -1235,16 +1235,34 @@ static inline void hci_auth_cfm(struct hci_conn *conn, __u8 status) conn->security_cfm_cb(conn, status); } -static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status, - __u8 encrypt) +static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status) { struct hci_cb *cb; + __u8 encrypt; + + if (conn->state == BT_CONFIG) { + if (!status) + conn->state = BT_CONNECTED; - if (conn->sec_level == BT_SECURITY_SDP) - conn->sec_level = BT_SECURITY_LOW; + hci_connect_cfm(conn, status); + hci_conn_drop(conn); + return; + } - if (conn->pending_sec_level > conn->sec_level) - conn->sec_level = conn->pending_sec_level; + if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags)) + encrypt = 0x00; + else if (test_bit(HCI_CONN_AES_CCM, &conn->flags)) + encrypt = 0x02; + else + encrypt = 0x01; + + if (!status) { + if (conn->sec_level == BT_SECURITY_SDP) + conn->sec_level = BT_SECURITY_LOW; + + if (conn->pending_sec_level > conn->sec_level) + conn->sec_level = conn->pending_sec_level; + } mutex_lock(&hci_cb_list_lock); list_for_each_entry(cb, &hci_cb_list, list) { diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 4b8d8af7942a..2a63f7e30506 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1733,21 +1733,17 @@ static inline int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay static inline int xfrm_replay_clone(struct xfrm_state *x, struct xfrm_state *orig) { - x->replay_esn = kzalloc(xfrm_replay_state_esn_len(orig->replay_esn), + + x->replay_esn = kmemdup(orig->replay_esn, + xfrm_replay_state_esn_len(orig->replay_esn), GFP_KERNEL); if (!x->replay_esn) return -ENOMEM; - - x->replay_esn->bmp_len = orig->replay_esn->bmp_len; - x->replay_esn->replay_window = orig->replay_esn->replay_window; - - x->preplay_esn = kmemdup(x->replay_esn, - xfrm_replay_state_esn_len(x->replay_esn), + x->preplay_esn = kmemdup(orig->preplay_esn, + xfrm_replay_state_esn_len(orig->preplay_esn), GFP_KERNEL); - if (!x->preplay_esn) { - kfree(x->replay_esn); + if (!x->preplay_esn) return -ENOMEM; - } return 0; } |