aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorDavid Herrmann <dh.herrmann@gmail.com>2013-04-05 08:57:34 -0400
committerGustavo Padovan <gustavo.padovan@collabora.co.uk>2013-04-05 22:44:14 -0400
commitb3916db32c4a3124eee9f3742a2f4723731d7602 (patch)
tree342531410aa6985decfc173e3bf892d7b4ec47e8 /include/net
parentc849edbdc2fc3a9ba37ae6810d7a1e2c92b302d7 (diff)
Bluetooth: hidp: verify l2cap sockets
We need to verify that the given sockets actually are l2cap sockets. If they aren't, we are not supposed to access bt_sk(sock) and we shouldn't start the session if the offsets turn out to be valid local BT addresses. That is, if someone passes a TCP socket to HIDCONNADD, then we access some random offset in the TCP socket (which isn't even guaranteed to be valid). Fix this by checking that the socket is an l2cap socket. Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/bluetooth/l2cap.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index cdd33021f831..278830ef92cd 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -786,6 +786,7 @@ extern bool disable_ertm;
786 786
787int l2cap_init_sockets(void); 787int l2cap_init_sockets(void);
788void l2cap_cleanup_sockets(void); 788void l2cap_cleanup_sockets(void);
789bool l2cap_is_socket(struct socket *sock);
789 790
790void __l2cap_connect_rsp_defer(struct l2cap_chan *chan); 791void __l2cap_connect_rsp_defer(struct l2cap_chan *chan);
791int __l2cap_wait_ack(struct sock *sk); 792int __l2cap_wait_ack(struct sock *sk);