Bluetooth: qca: fix info leak when fetching fw build id

Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed. Fixes: c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") Cc: stable@vger.kernel.org # 5.12 Signed-off-by: Johan Hovold <johan+linaro@kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
author: Johan Hovold <johan+linaro@kernel.org> 2024-05-01 15:34:52 +0300
committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2024-05-03 20:05:32 +0300
commit: cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 (patch)
tree: ca23cfe2b4010de13158244afc683cbd9475a6ab /drivers/bluetooth/btqca.h
parent: dd336649ba89789c845618dcbc09867010aec673 (diff)
download: linux-cda0d6a198e2a7ec6f176c36173a57bdd8af7af2.tar.xz
1 files changed, 0 insertions, 1 deletions
diff --git a/drivers/bluetooth/btqca.h b/drivers/bluetooth/btqca.h
index 49ad668d0d0b..215433fd76a1 100644
--- a/drivers/bluetooth/btqca.h
+++ b/drivers/bluetooth/btqca.h
@@ -48,7 +48,6 @@
 #define get_soc_ver(soc_id, rom_ver)	\
 	((le32_to_cpu(soc_id) << 16) | (le16_to_cpu(rom_ver)))
 
-#define QCA_FW_BUILD_VER_LEN		255
 #define QCA_HSP_GF_SOC_ID			0x1200
 #define QCA_HSP_GF_SOC_MASK			0x0000ff00
author	Johan Hovold <johan+linaro@kernel.org>	2024-05-01 15:34:52 +0300
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2024-05-03 20:05:32 +0300
commit	cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 (patch)
tree	ca23cfe2b4010de13158244afc683cbd9475a6ab /drivers/bluetooth/btqca.h
parent	dd336649ba89789c845618dcbc09867010aec673 (diff)
download	linux-cda0d6a198e2a7ec6f176c36173a57bdd8af7af2.tar.xz