Commit 8bf17a36 authored by Marcel Holtmann's avatar Marcel Holtmann Committed by Johan Hedberg

Bluetooth: Restrict CMTP flags to only valid ones

The CMTP flags should be clearly restricted to valid ones. So this puts
extra checks in place to ensure this.
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
parent 41533fe5
...@@ -75,10 +75,11 @@ static void __cmtp_unlink_session(struct cmtp_session *session) ...@@ -75,10 +75,11 @@ static void __cmtp_unlink_session(struct cmtp_session *session)
static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci) static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci)
{ {
u32 valid_flags = BIT(CMTP_LOOPBACK);
memset(ci, 0, sizeof(*ci)); memset(ci, 0, sizeof(*ci));
bacpy(&ci->bdaddr, &session->bdaddr); bacpy(&ci->bdaddr, &session->bdaddr);
ci->flags = session->flags; ci->flags = session->flags & valid_flags;
ci->state = session->state; ci->state = session->state;
ci->num = session->num; ci->num = session->num;
...@@ -329,6 +330,7 @@ static int cmtp_session(void *arg) ...@@ -329,6 +330,7 @@ static int cmtp_session(void *arg)
int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock) int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
{ {
u32 valid_flags = BIT(CMTP_LOOPBACK);
struct cmtp_session *session, *s; struct cmtp_session *session, *s;
int i, err; int i, err;
...@@ -337,6 +339,9 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock) ...@@ -337,6 +339,9 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
if (!l2cap_is_socket(sock)) if (!l2cap_is_socket(sock))
return -EBADFD; return -EBADFD;
if (req->flags & ~valid_flags)
return -EINVAL;
session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL); session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);
if (!session) if (!session)
return -ENOMEM; return -ENOMEM;
...@@ -409,11 +414,15 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock) ...@@ -409,11 +414,15 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
int cmtp_del_connection(struct cmtp_conndel_req *req) int cmtp_del_connection(struct cmtp_conndel_req *req)
{ {
u32 valid_flags = 0;
struct cmtp_session *session; struct cmtp_session *session;
int err = 0; int err = 0;
BT_DBG(""); BT_DBG("");
if (req->flags & ~valid_flags)
return -EINVAL;
down_read(&cmtp_session_sem); down_read(&cmtp_session_sem);
session = __cmtp_get_session(&req->bdaddr); session = __cmtp_get_session(&req->bdaddr);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment