
Commit d0bef1d2 authored by Marcel Holtmann's avatar Marcel Holtmann

Bluetooth: Add extra channel checks for control open/close messages



The control open and close monitoring events require special channel
checks to ensure messages are only sent when the right events happen.

Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
parent 5a6d2cf5
+19 −5
@@ -479,7 +479,7 @@ static struct sk_buff *create_monitor_ctrl_open(struct sock *sk)
{
{
	struct hci_mon_hdr *hdr;
	struct hci_mon_hdr *hdr;
	struct sk_buff *skb;
	struct sk_buff *skb;
	u16 format = 0x0002;
	u16 format;
	u8 ver[3];
	u8 ver[3];
	u32 flags;
	u32 flags;


@@ -487,11 +487,20 @@ static struct sk_buff *create_monitor_ctrl_open(struct sock *sk)
	if (!hci_pi(sk)->cookie)
	if (!hci_pi(sk)->cookie)
		return NULL;
		return NULL;


	switch (hci_pi(sk)->channel) {
	case HCI_CHANNEL_CONTROL:
		format = 0x0002;
		mgmt_fill_version_info(ver);
		break;
	default:
		/* No message for unsupported format */
		return NULL;
	}

	skb = bt_skb_alloc(14 + TASK_COMM_LEN , GFP_ATOMIC);
	skb = bt_skb_alloc(14 + TASK_COMM_LEN , GFP_ATOMIC);
	if (!skb)
	if (!skb)
		return NULL;
		return NULL;


	mgmt_fill_version_info(ver);
	flags = hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) ? 0x1 : 0x0;
	flags = hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) ? 0x1 : 0x0;


	put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
	put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4));
@@ -523,6 +532,14 @@ static struct sk_buff *create_monitor_ctrl_close(struct sock *sk)
	if (!hci_pi(sk)->cookie)
	if (!hci_pi(sk)->cookie)
		return NULL;
		return NULL;


	switch (hci_pi(sk)->channel) {
	case HCI_CHANNEL_CONTROL:
		break;
	default:
		/* No message for unsupported format */
		return NULL;
	}

	skb = bt_skb_alloc(4, GFP_ATOMIC);
	skb = bt_skb_alloc(4, GFP_ATOMIC);
	if (!skb)
	if (!skb)
		return NULL;
		return NULL;
@@ -652,9 +669,6 @@ static void send_monitor_control_replay(struct sock *mon_sk)
	sk_for_each(sk, &hci_sk_list.head) {
	sk_for_each(sk, &hci_sk_list.head) {
		struct sk_buff *skb;
		struct sk_buff *skb;


		if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
			continue;

		skb = create_monitor_ctrl_open(sk);
		skb = create_monitor_ctrl_open(sk);
		if (!skb)
		if (!skb)
			continue;
			continue;
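Review bot: The `default:` comments in both new switches read "No message for unsupported format", but the switch is on `hci_pi(sk)->channel` and create_monitor_ctrl_close has no format value at all, so the wording should be `/* No message for unsupported channel */`. With the explicit `HCI_CHANNEL_CONTROL` test removed from send_monitor_control_replay, the two constructors are now the only filter deciding which sockets get their cookie and trusted flag built into a monitor message, and a NULL return covers three different cases (no cookie, channel not reported, allocation failure). A short comment above each constructor, e.g. `/* Returns NULL if the socket has no cookie, is on a channel that is not reported, or allocation fails */`, would make that contract visible to anyone adding a caller or a new channel case. All three functions start and end outside the hunks shown, so their other callers could not be checked here.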