Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 24c54a90 authored by Marcel Holtmann's avatar Marcel Holtmann Committed by Johan Hedberg
Browse files

Bluetooth: Disabling discoverable with timeout is invalid 



Add one extra sanity check to ensure that the supplied timeout value is
actually valid in this context.

Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
parent f51d5b24

net/bluetooth/mgmt.c

+5 −2
Original line number Diff line number Diff line
@@ -850,13 +850,16 @@ static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len) 
		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,

						MGMT_STATUS_INVALID_PARAMS);



	timeout = get_unaligned_le16(&cp->timeout);

	if (!cp->val && timeout > 0)

		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,

						MGMT_STATUS_INVALID_PARAMS);



	hdev = hci_dev_get(index);

	if (!hdev)

		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,

						MGMT_STATUS_INVALID_PARAMS);



	timeout = get_unaligned_le16(&cp->timeout);



	hci_dev_lock(hdev);



	if (!hdev_is_powered(hdev) && timeout > 0) {