diff options
| author | Marcel Holtmann <marcel@holtmann.org> | 2005-09-12 19:32:31 -0400 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2005-09-12 19:32:31 -0400 |
| commit | 354d28d5f8546e115ebaae9311897f0bc4b6a8d4 (patch) | |
| tree | 0eb7bd932d43047b592b80d42808f8cdc33286c8 /net/bluetooth/rfcomm/sock.c | |
| parent | 21d9e30ed020d24336cc3bee2a4e04da232ed554 (diff) | |
[Bluetooth] Prevent RFCOMM connections through the RAW socket
This patch adds additional checks to prevent RFCOMM connections be
established through the RAW socket interface.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth/rfcomm/sock.c')
| -rw-r--r-- | net/bluetooth/rfcomm/sock.c | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index 90e19eb6d3cc..f49e7e938bfb 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
| @@ -363,6 +363,11 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr | |||
| 363 | goto done; | 363 | goto done; |
| 364 | } | 364 | } |
| 365 | 365 | ||
| 366 | if (sk->sk_type != SOCK_STREAM) { | ||
| 367 | err = -EINVAL; | ||
| 368 | goto done; | ||
| 369 | } | ||
| 370 | |||
| 366 | write_lock_bh(&rfcomm_sk_list.lock); | 371 | write_lock_bh(&rfcomm_sk_list.lock); |
| 367 | 372 | ||
| 368 | if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { | 373 | if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { |
| @@ -393,13 +398,17 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a | |||
| 393 | if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) | 398 | if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) |
| 394 | return -EINVAL; | 399 | return -EINVAL; |
| 395 | 400 | ||
| 396 | if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) | 401 | lock_sock(sk); |
| 397 | return -EBADFD; | ||
| 398 | 402 | ||
| 399 | if (sk->sk_type != SOCK_STREAM) | 403 | if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { |
| 400 | return -EINVAL; | 404 | err = -EBADFD; |
| 405 | goto done; | ||
| 406 | } | ||
| 401 | 407 | ||
| 402 | lock_sock(sk); | 408 | if (sk->sk_type != SOCK_STREAM) { |
| 409 | err = -EINVAL; | ||
| 410 | goto done; | ||
| 411 | } | ||
| 403 | 412 | ||
| 404 | sk->sk_state = BT_CONNECT; | 413 | sk->sk_state = BT_CONNECT; |
| 405 | bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); | 414 | bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); |
| @@ -410,6 +419,7 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a | |||
| 410 | err = bt_sock_wait_state(sk, BT_CONNECTED, | 419 | err = bt_sock_wait_state(sk, BT_CONNECTED, |
| 411 | sock_sndtimeo(sk, flags & O_NONBLOCK)); | 420 | sock_sndtimeo(sk, flags & O_NONBLOCK)); |
| 412 | 421 | ||
| 422 | done: | ||
| 413 | release_sock(sk); | 423 | release_sock(sk); |
| 414 | return err; | 424 | return err; |
| 415 | } | 425 | } |
| @@ -428,6 +438,11 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog) | |||
| 428 | goto done; | 438 | goto done; |
| 429 | } | 439 | } |
| 430 | 440 | ||
| 441 | if (sk->sk_type != SOCK_STREAM) { | ||
| 442 | err = -EINVAL; | ||
| 443 | goto done; | ||
| 444 | } | ||
| 445 | |||
| 431 | if (!rfcomm_pi(sk)->channel) { | 446 | if (!rfcomm_pi(sk)->channel) { |
| 432 | bdaddr_t *src = &bt_sk(sk)->src; | 447 | bdaddr_t *src = &bt_sk(sk)->src; |
| 433 | u8 channel; | 448 | u8 channel; |
| @@ -472,6 +487,11 @@ static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int f | |||
| 472 | goto done; | 487 | goto done; |
| 473 | } | 488 | } |
| 474 | 489 | ||
| 490 | if (sk->sk_type != SOCK_STREAM) { | ||
| 491 | err = -EINVAL; | ||
| 492 | goto done; | ||
| 493 | } | ||
| 494 | |||
| 475 | timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); | 495 | timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); |
| 476 | 496 | ||
| 477 | BT_DBG("sk %p timeo %ld", sk, timeo); | 497 | BT_DBG("sk %p timeo %ld", sk, timeo); |