From: Johan Hedberg Date: Mon, 14 Oct 2013 18:17:52 +0000 (+0300) Subject: Bluetooth: Reject invalid bdaddr types for sockets X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=80c1a2e76dbb36588facb265ab364b1302f7ef8c;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git Bluetooth: Reject invalid bdaddr types for sockets We need to verify that the bdaddr type passed to connect() and bind() is within the set of valid values. If it is not we need to cleanly fail with EINVAL. Signed-off-by: Johan Hedberg Signed-off-by: Marcel Holtmann --- diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index fcf012a422fd..3f21207d59e5 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -69,6 +69,9 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) if (la.l2_cid && la.l2_psm) return -EINVAL; + if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) + return -EINVAL; + lock_sock(sk); if (sk->sk_state != BT_OPEN) { @@ -144,6 +147,9 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, if (la.l2_cid && la.l2_psm) return -EINVAL; + if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) + return -EINVAL; + err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), &la.l2_bdaddr, la.l2_bdaddr_type); if (err)