Skip to content

[Backport ncs-v3.1-branch] [nrf fromlist] Bluetooth: Host: Add req/rsp l2cap validation #3177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 8, 2025
Merged

[Backport ncs-v3.1-branch] [nrf fromlist] Bluetooth: Host: Add req/rsp l2cap validation #3177

merged 1 commit into from
Aug 8, 2025

Conversation

@github-actions
Copy link

@github-actions github-actions bot commented Aug 8, 2025

Backport 7f14815 from #3174.

@HaavardRei @github-actions
[nrf fromlist] Bluetooth: Host: Add req/rsp l2cap validation
b0b3d3e 
L2CAP channels will now, along with the ident, store the opcode of the
pending request. This commit expands the ident lookup function to also
compare received response types to this opcode, and will ignore
unsolicited responses.

Setting of idents for channels are moved after verification of buffer
allocation for the request to be sent. A TODO is added for improving
this functionality at a later time.

Upstream PR #: 94080

Signed-off-by: Håvard Reierstad <[email protected]>
(cherry picked from commit 7f14815)
@NordicBuilder NordicBuilder mentioned this pull request Aug 8, 2025
Closed
@HaavardRei HaavardRei added this to the ncs-3.1.0 milestone Aug 8, 2025
@alwa-nordic alwa-nordic requested a review from Copilot August 8, 2025 07:57
Copilot
Copilot AI reviewed Aug 8, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR backports a security improvement that adds request/response validation to L2CAP (Logical Link Control and Adaptation Protocol) channels in the Bluetooth host stack. The change enhances the validation mechanism to match responses with their corresponding requests by tracking the pending request opcode.

  • Adds a new pending_req field to track the opcode of pending L2CAP requests
  • Updates the identifier lookup mechanism to validate both identifier and request opcode
  • Improves response validation by ensuring responses match the expected request type

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
subsys/bluetooth/host/l2cap.c Implements request/response validation by adding opcode tracking and updating lookup functions
include/zephyr/bluetooth/l2cap.h Adds pending_req field to bt_l2cap_le_chan structure for tracking request opcodes

@nordicjm nordicjm merged commit 0351d6e into ncs-v3.1-branch Aug 8, 2025
2 checks passed
@NordicBuilder
Copy link
Contributor

none

Note: This comment is automatically posted and updated by the Contribs GitHub Action.

@HaavardRei HaavardRei deleted the backport-3174-to-ncs-v3.1-branch branch August 8, 2025 10:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HaavardRei HaavardRei HaavardRei left review comments

Copilot code review Copilot Copilot left review comments

@PavelVPV PavelVPV PavelVPV approved these changes

@alwa-nordic alwa-nordic alwa-nordic approved these changes

Assignees

No one assigned

Labels

Backport external

Projects

None yet

Milestone

ncs-3.1.0

Development

Successfully merging this pull request may close these issues.

5 participants

@NordicBuilder @PavelVPV @alwa-nordic @HaavardRei @nordicjm