Bluetooth: Check MTU value in l2cap_sock_setsockopt_old

If user tries to set an invalid MTU value, l2cap_sock_setsockopt_old should return -EINVAL. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
author: Andre Guedes <andre.guedes@openbossa.org> 2012-05-31 16:01:34 -0400
committer: Johan Hedberg <johan.hedberg@intel.com> 2012-06-04 23:34:15 -0400
commit: 682877c31fc1b6510b694b6b8e78d8dde53a47cc (patch)
tree: f1b042c56fa7c6d61026fafa7d2f90478c26c910 /net/bluetooth
parent: 6fcb06a28d150095f042c477fbe20a9767d9a951 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index d856cc8f22a3..ab5868d94307 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -445,6 +445,22 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
        return err;
 }
+static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
+{
+        switch (chan->scid) {
+        case L2CAP_CID_LE_DATA:
+                if (mtu < L2CAP_LE_DEFAULT_MTU)
+                        return false;
+                break;
+        default:
+                if (mtu < L2CAP_DEFAULT_MIN_MTU)
+                        return false;
+        }
+        return true;
+}
 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
 {
        struct sock *sk = sock->sk;
@@ -483,6 +499,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
                        break;
                }
+                if (!l2cap_valid_mtu(chan, opts.imtu)) {
+                        err = -EINVAL;
+                        break;
+                }
                chan->mode = opts.mode;
                switch (chan->mode) {
                case L2CAP_MODE_BASIC:
author	Andre Guedes <andre.guedes@openbossa.org>	2012-05-31 16:01:34 -0400
committer	Johan Hedberg <johan.hedberg@intel.com>	2012-06-04 23:34:15 -0400
commit	682877c31fc1b6510b694b6b8e78d8dde53a47cc (patch)
tree	f1b042c56fa7c6d61026fafa7d2f90478c26c910 /net/bluetooth
parent	6fcb06a28d150095f042c477fbe20a9767d9a951 (diff)

diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index d856cc8f22a3..ab5868d94307 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c
@@ -445,6 +445,22 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
445	return err;	445	return err;
446	}	446	}
447		447
		448	static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
		449	{
		450	switch (chan->scid) {
		451	case L2CAP_CID_LE_DATA:
		452	if (mtu < L2CAP_LE_DEFAULT_MTU)
		453	return false;
		454	break;
		455
		456	default:
		457	if (mtu < L2CAP_DEFAULT_MIN_MTU)
		458	return false;
		459	}
		460
		461	return true;
		462	}
		463
448	static int l2cap_sock_setsockopt_old(struct socket sock, int optname, char __user optval, unsigned int optlen)	464	static int l2cap_sock_setsockopt_old(struct socket sock, int optname, char __user optval, unsigned int optlen)
449	{	465	{
450	struct sock *sk = sock->sk;	466	struct sock *sk = sock->sk;
@@ -483,6 +499,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
483	break;	499	break;
484	}	500	}
485		501
		502	if (!l2cap_valid_mtu(chan, opts.imtu)) {
		503	err = -EINVAL;
		504	break;
		505	}
		506
486	chan->mode = opts.mode;	507	chan->mode = opts.mode;
487	switch (chan->mode) {	508	switch (chan->mode) {
488	case L2CAP_MODE_BASIC:	509	case L2CAP_MODE_BASIC: