From: Marcel Holtmann Date: Mon, 20 Feb 2012 13:50:32 +0000 (+0100) Subject: Bluetooth: Limit HCI raw socket options to actual raw sockets X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2f39cdb7a270da24532734dfdfd10c490be981c4;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git Bluetooth: Limit HCI raw socket options to actual raw sockets Currently the socket options of HCI sockets can be set on raw and control sockets, but on control sockets they make no sense. So just return EINVAL in that case. Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index b5b3bc8d2848..612bc2af05a9 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c @@ -601,6 +601,11 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char lock_sock(sk); + if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { + err = -EINVAL; + goto done; + } + switch (optname) { case HCI_DATA_DIR: if (get_user(opt, (int __user *)optval)) { @@ -663,6 +668,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char break; } +done: release_sock(sk); return err; }