Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 682877c3 authored by Andre Guedes's avatar Andre Guedes Committed by Johan Hedberg
Browse files

Bluetooth: Check MTU value in l2cap_sock_setsockopt_old 



If user tries to set an invalid MTU value, l2cap_sock_setsockopt_old
should return -EINVAL.

Signed-off-by: default avatarAndre Guedes <andre.guedes@openbossa.org>
Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
parent 6fcb06a2

net/bluetooth/l2cap_sock.c

+21 −0
Original line number Diff line number Diff line
@@ -445,6 +445,22 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch 
	return err;

}



static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)

{

	switch (chan->scid) {

	case L2CAP_CID_LE_DATA:

		if (mtu < L2CAP_LE_DEFAULT_MTU)

			return false;

		break;



	default:

		if (mtu < L2CAP_DEFAULT_MIN_MTU)

			return false;

	}



	return true;

}



static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)

{

	struct sock *sk = sock->sk;
@@ -483,6 +499,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us 
			break;

		}



		if (!l2cap_valid_mtu(chan, opts.imtu)) {

			err = -EINVAL;

			break;

		}



		chan->mode = opts.mode;

		switch (chan->mode) {

		case L2CAP_MODE_BASIC: