Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0151e426 authored by Marcel Holtmann's avatar Marcel Holtmann Committed by Johan Hedberg
Browse files

Bluetooth: Restrict BNEP flags to only valid ones 



The BNEP flags should be clearly restricted to valid ones. So this puts
extra checks in place to ensure this.

Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
parent 5f5da99f

net/bluetooth/bnep/core.c

+11 −1
Original line number Diff line number Diff line
@@ -525,6 +525,7 @@ static struct device_type bnep_type = { 


int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)

{

	u32 valid_flags = 0;

	struct net_device *dev;

	struct bnep_session *s, *ss;

	u8 dst[ETH_ALEN], src[ETH_ALEN];
@@ -535,6 +536,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock) 
	if (!l2cap_is_socket(sock))

		return -EBADFD;



	if (req->flags & ~valid_flags)

		return -EINVAL;



	baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst);

	baswap((void *) src, &l2cap_pi(sock->sk)->chan->src);
@@ -611,11 +615,15 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock) 


int bnep_del_connection(struct bnep_conndel_req *req)

{

	u32 valid_flags = 0;

	struct bnep_session *s;

	int  err = 0;



	BT_DBG("");



	if (req->flags & ~valid_flags)

		return -EINVAL;



	down_read(&bnep_session_sem);



	s = __bnep_get_session(req->dst);
@@ -631,10 +639,12 @@ int bnep_del_connection(struct bnep_conndel_req *req) 


static void __bnep_copy_ci(struct bnep_conninfo *ci, struct bnep_session *s)

{

	u32 valid_flags = 0;



	memset(ci, 0, sizeof(*ci));

	memcpy(ci->dst, s->eh.h_source, ETH_ALEN);

	strcpy(ci->device, s->dev->name);

	ci->flags = s->flags;

	ci->flags = s->flags & valid_flags;

	ci->state = s->state;

	ci->role  = s->role;

}