diff options
| author | Marcel Holtmann <marcel@holtmann.org> | 2015-11-19 10:16:41 -0500 |
|---|---|---|
| committer | Johan Hedberg <johan.hedberg@intel.com> | 2015-11-22 08:00:16 -0500 |
| commit | ceff86af56e09469d21732c16fd27a7337983c48 (patch) | |
| tree | 86aed6f06e699f72507270d42aa5c4cc72eae713 /net/bluetooth | |
| parent | e9d63767258753f28920d954712806a061b69547 (diff) | |
Bluetooth: Add instance range check for Add Advertising command
The instance range check for Add Advertising command is missing. If the
provided instance is out of range an Invalid Parameters error should be
returned. At the moment, the generic Failed error is returned. This
extra check ensures that clear error messages are returned.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Diffstat (limited to 'net/bluetooth')
| -rw-r--r-- | net/bluetooth/mgmt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index eca203e891d2..2c6533a3f937 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
| @@ -6839,6 +6839,10 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev, | |||
| 6839 | return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, | 6839 | return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, |
| 6840 | status); | 6840 | status); |
| 6841 | 6841 | ||
| 6842 | if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) | ||
| 6843 | return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, | ||
| 6844 | MGMT_STATUS_INVALID_PARAMS); | ||
| 6845 | |||
| 6842 | flags = __le32_to_cpu(cp->flags); | 6846 | flags = __le32_to_cpu(cp->flags); |
| 6843 | timeout = __le16_to_cpu(cp->timeout); | 6847 | timeout = __le16_to_cpu(cp->timeout); |
| 6844 | duration = __le16_to_cpu(cp->duration); | 6848 | duration = __le16_to_cpu(cp->duration); |