Commit 682877c3 authored by Andre Guedes's avatar Andre Guedes Committed by Johan Hedberg

Bluetooth: Check MTU value in l2cap_sock_setsockopt_old

If user tries to set an invalid MTU value, l2cap_sock_setsockopt_old
should return -EINVAL.
Signed-off-by: default avatarAndre Guedes <andre.guedes@openbossa.org>
Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
parent 6fcb06a2
...@@ -445,6 +445,22 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch ...@@ -445,6 +445,22 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
return err; return err;
} }
static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
{
switch (chan->scid) {
case L2CAP_CID_LE_DATA:
if (mtu < L2CAP_LE_DEFAULT_MTU)
return false;
break;
default:
if (mtu < L2CAP_DEFAULT_MIN_MTU)
return false;
}
return true;
}
static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
{ {
struct sock *sk = sock->sk; struct sock *sk = sock->sk;
...@@ -483,6 +499,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us ...@@ -483,6 +499,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
break; break;
} }
if (!l2cap_valid_mtu(chan, opts.imtu)) {
err = -EINVAL;
break;
}
chan->mode = opts.mode; chan->mode = opts.mode;
switch (chan->mode) { switch (chan->mode) {
case L2CAP_MODE_BASIC: case L2CAP_MODE_BASIC:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment