diff options
author | Andre Guedes <andre.guedes@openbossa.org> | 2012-05-31 16:01:34 -0400 |
---|---|---|
committer | Johan Hedberg <johan.hedberg@intel.com> | 2012-06-04 23:34:15 -0400 |
commit | 682877c31fc1b6510b694b6b8e78d8dde53a47cc (patch) | |
tree | f1b042c56fa7c6d61026fafa7d2f90478c26c910 | |
parent | 6fcb06a28d150095f042c477fbe20a9767d9a951 (diff) |
Bluetooth: Check MTU value in l2cap_sock_setsockopt_old
If user tries to set an invalid MTU value, l2cap_sock_setsockopt_old
should return -EINVAL.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-rw-r--r-- | net/bluetooth/l2cap_sock.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index d856cc8f22a3..ab5868d94307 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
@@ -445,6 +445,22 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch | |||
445 | return err; | 445 | return err; |
446 | } | 446 | } |
447 | 447 | ||
448 | static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) | ||
449 | { | ||
450 | switch (chan->scid) { | ||
451 | case L2CAP_CID_LE_DATA: | ||
452 | if (mtu < L2CAP_LE_DEFAULT_MTU) | ||
453 | return false; | ||
454 | break; | ||
455 | |||
456 | default: | ||
457 | if (mtu < L2CAP_DEFAULT_MIN_MTU) | ||
458 | return false; | ||
459 | } | ||
460 | |||
461 | return true; | ||
462 | } | ||
463 | |||
448 | static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) | 464 | static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) |
449 | { | 465 | { |
450 | struct sock *sk = sock->sk; | 466 | struct sock *sk = sock->sk; |
@@ -483,6 +499,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us | |||
483 | break; | 499 | break; |
484 | } | 500 | } |
485 | 501 | ||
502 | if (!l2cap_valid_mtu(chan, opts.imtu)) { | ||
503 | err = -EINVAL; | ||
504 | break; | ||
505 | } | ||
506 | |||
486 | chan->mode = opts.mode; | 507 | chan->mode = opts.mode; |
487 | switch (chan->mode) { | 508 | switch (chan->mode) { |
488 | case L2CAP_MODE_BASIC: | 509 | case L2CAP_MODE_BASIC: |