diff options
| author | Johan Hedberg <johan.hedberg@intel.com> | 2013-01-09 09:05:19 -0500 |
|---|---|---|
| committer | Gustavo Padovan <gustavo.padovan@collabora.co.uk> | 2013-01-10 03:22:51 -0500 |
| commit | a7e80f25ae2296d78163d75d753c796270464000 (patch) | |
| tree | edc8f5b83951d7e622f41b9f3c280f39bf2a58ea /net | |
| parent | 13ecd8b6628c14c9a27832ce7c48315385272208 (diff) | |
Bluetooth: Fix checking for exact values of boolean mgmt parameters
All mgmt_set_* commands that take a boolean value encoded in the form of
a byte should only accept the values 0x00 and 0x01. This patch adds the
necessary checks for this and returns "invalid params" responses if
anything else is provided as the value.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/mgmt.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 28e01f992231..3959c471b2b4 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
| @@ -777,6 +777,10 @@ static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, | |||
| 777 | 777 | ||
| 778 | BT_DBG("request for %s", hdev->name); | 778 | BT_DBG("request for %s", hdev->name); |
| 779 | 779 | ||
| 780 | if (cp->val != 0x00 && cp->val != 0x01) | ||
| 781 | return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, | ||
| 782 | MGMT_STATUS_INVALID_PARAMS); | ||
| 783 | |||
| 780 | hci_dev_lock(hdev); | 784 | hci_dev_lock(hdev); |
| 781 | 785 | ||
| 782 | if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { | 786 | if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { |
| @@ -872,6 +876,10 @@ static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, | |||
| 872 | return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, | 876 | return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, |
| 873 | MGMT_STATUS_NOT_SUPPORTED); | 877 | MGMT_STATUS_NOT_SUPPORTED); |
| 874 | 878 | ||
| 879 | if (cp->val != 0x00 && cp->val != 0x01) | ||
| 880 | return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, | ||
| 881 | MGMT_STATUS_INVALID_PARAMS); | ||
| 882 | |||
| 875 | timeout = __le16_to_cpu(cp->timeout); | 883 | timeout = __le16_to_cpu(cp->timeout); |
| 876 | if (!cp->val && timeout > 0) | 884 | if (!cp->val && timeout > 0) |
| 877 | return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, | 885 | return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, |
| @@ -971,6 +979,10 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, | |||
| 971 | return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, | 979 | return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, |
| 972 | MGMT_STATUS_NOT_SUPPORTED); | 980 | MGMT_STATUS_NOT_SUPPORTED); |
| 973 | 981 | ||
| 982 | if (cp->val != 0x00 && cp->val != 0x01) | ||
| 983 | return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, | ||
| 984 | MGMT_STATUS_INVALID_PARAMS); | ||
| 985 | |||
| 974 | hci_dev_lock(hdev); | 986 | hci_dev_lock(hdev); |
| 975 | 987 | ||
| 976 | if (!hdev_is_powered(hdev)) { | 988 | if (!hdev_is_powered(hdev)) { |
| @@ -1041,6 +1053,10 @@ static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data, | |||
| 1041 | 1053 | ||
| 1042 | BT_DBG("request for %s", hdev->name); | 1054 | BT_DBG("request for %s", hdev->name); |
| 1043 | 1055 | ||
| 1056 | if (cp->val != 0x00 && cp->val != 0x01) | ||
| 1057 | return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE, | ||
| 1058 | MGMT_STATUS_INVALID_PARAMS); | ||
| 1059 | |||
| 1044 | hci_dev_lock(hdev); | 1060 | hci_dev_lock(hdev); |
| 1045 | 1061 | ||
| 1046 | if (cp->val) | 1062 | if (cp->val) |
| @@ -1073,6 +1089,10 @@ static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, | |||
| 1073 | return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, | 1089 | return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, |
| 1074 | MGMT_STATUS_NOT_SUPPORTED); | 1090 | MGMT_STATUS_NOT_SUPPORTED); |
| 1075 | 1091 | ||
| 1092 | if (cp->val != 0x00 && cp->val != 0x01) | ||
| 1093 | return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, | ||
| 1094 | MGMT_STATUS_INVALID_PARAMS); | ||
| 1095 | |||
| 1076 | hci_dev_lock(hdev); | 1096 | hci_dev_lock(hdev); |
| 1077 | 1097 | ||
| 1078 | if (!hdev_is_powered(hdev)) { | 1098 | if (!hdev_is_powered(hdev)) { |
| @@ -1137,6 +1157,10 @@ static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) | |||
| 1137 | return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, | 1157 | return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, |
| 1138 | MGMT_STATUS_NOT_SUPPORTED); | 1158 | MGMT_STATUS_NOT_SUPPORTED); |
| 1139 | 1159 | ||
| 1160 | if (cp->val != 0x00 && cp->val != 0x01) | ||
| 1161 | return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, | ||
| 1162 | MGMT_STATUS_INVALID_PARAMS); | ||
| 1163 | |||
| 1140 | hci_dev_lock(hdev); | 1164 | hci_dev_lock(hdev); |
| 1141 | 1165 | ||
| 1142 | val = !!cp->val; | 1166 | val = !!cp->val; |
| @@ -1197,6 +1221,10 @@ static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) | |||
| 1197 | return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, | 1221 | return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, |
| 1198 | MGMT_STATUS_NOT_SUPPORTED); | 1222 | MGMT_STATUS_NOT_SUPPORTED); |
| 1199 | 1223 | ||
| 1224 | if (cp->val != 0x00 && cp->val != 0x01) | ||
| 1225 | return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, | ||
| 1226 | MGMT_STATUS_INVALID_PARAMS); | ||
| 1227 | |||
| 1200 | if (cp->val) | 1228 | if (cp->val) |
| 1201 | set_bit(HCI_HS_ENABLED, &hdev->dev_flags); | 1229 | set_bit(HCI_HS_ENABLED, &hdev->dev_flags); |
| 1202 | else | 1230 | else |
| @@ -1219,6 +1247,10 @@ static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) | |||
| 1219 | return cmd_status(sk, hdev->id, MGMT_OP_SET_LE, | 1247 | return cmd_status(sk, hdev->id, MGMT_OP_SET_LE, |
| 1220 | MGMT_STATUS_NOT_SUPPORTED); | 1248 | MGMT_STATUS_NOT_SUPPORTED); |
| 1221 | 1249 | ||
| 1250 | if (cp->val != 0x00 && cp->val != 0x01) | ||
| 1251 | return cmd_status(sk, hdev->id, MGMT_OP_SET_LE, | ||
| 1252 | MGMT_STATUS_INVALID_PARAMS); | ||
| 1253 | |||
| 1222 | hci_dev_lock(hdev); | 1254 | hci_dev_lock(hdev); |
| 1223 | 1255 | ||
| 1224 | val = !!cp->val; | 1256 | val = !!cp->val; |
| @@ -2598,6 +2630,10 @@ static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, | |||
| 2598 | return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, | 2630 | return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, |
| 2599 | MGMT_STATUS_NOT_SUPPORTED); | 2631 | MGMT_STATUS_NOT_SUPPORTED); |
| 2600 | 2632 | ||
| 2633 | if (cp->val != 0x00 && cp->val != 0x01) | ||
| 2634 | return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, | ||
| 2635 | MGMT_STATUS_INVALID_PARAMS); | ||
| 2636 | |||
| 2601 | if (!hdev_is_powered(hdev)) | 2637 | if (!hdev_is_powered(hdev)) |
| 2602 | return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, | 2638 | return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, |
| 2603 | MGMT_STATUS_NOT_POWERED); | 2639 | MGMT_STATUS_NOT_POWERED); |