Bluetooth: Restrict CMTP flags to only valid ones

static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci)

static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci)

{

{

	u32 valid_flags = BIT(CMTP_LOOPBACK);

	memset(ci, 0, sizeof(*ci));

	memset(ci, 0, sizeof(*ci));

	bacpy(&ci->bdaddr, &session->bdaddr);

	bacpy(&ci->bdaddr, &session->bdaddr);

	ci->flags = session->flags;

	ci->flags = session->flags & valid_flags;

	ci->state = session->state;

	ci->state = session->state;

	ci->num = session->num;

	ci->num = session->num;

int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)

int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)

{

{

	u32 valid_flags = BIT(CMTP_LOOPBACK);

	struct cmtp_session *session, *s;

	struct cmtp_session *session, *s;

	int i, err;

	int i, err;

	if (!l2cap_is_socket(sock))

	if (!l2cap_is_socket(sock))

		return -EBADFD;

		return -EBADFD;

	if (req->flags & ~valid_flags)

		return -EINVAL;

	session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);

	session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);

	if (!session)

	if (!session)

		return -ENOMEM;

		return -ENOMEM;

int cmtp_del_connection(struct cmtp_conndel_req *req)

int cmtp_del_connection(struct cmtp_conndel_req *req)

{

{

	u32 valid_flags = 0;

	struct cmtp_session *session;

	struct cmtp_session *session;

	int err = 0;

	int err = 0;

	BT_DBG("");

	BT_DBG("");

	if (req->flags & ~valid_flags)

		return -EINVAL;

	down_read(&cmtp_session_sem);

	down_read(&cmtp_session_sem);

	session = __cmtp_get_session(&req->bdaddr);

	session = __cmtp_get_session(&req->bdaddr);