From: Johan Hedberg Date: Mon, 14 Oct 2013 18:17:53 +0000 (+0300) Subject: Bluetooth: Check that bind() bdaddr type matches connect() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1f209383f2be94e15e179da3a4cbcfeabcc2efc2;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git Bluetooth: Check that bind() bdaddr type matches connect() If a socket was bound to an address type other than BR/EDR (such as LE) we should reject trying to connect it to a BR/EDR address. The same applies for binding to BR/EDR and trying to connect to non-BR/EDR. Signed-off-by: Johan Hedberg Signed-off-by: Marcel Holtmann --- diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 3f21207d59e5..5ffd75e20bde 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -150,6 +150,12 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) return -EINVAL; + if (chan->src_type == BDADDR_BREDR && la.l2_bdaddr_type != BDADDR_BREDR) + return -EINVAL; + + if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR) + return -EINVAL; + err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), &la.l2_bdaddr, la.l2_bdaddr_type); if (err)