Bluetooth: mgmt: Don't allow to set invalid value to DeviceID source

Reply with MGMT_STATUS_INVALID_PARAMS when userspace is trying to set source with out-of-scope value. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Acked-by: Gustavo Padovan <gustavo@padovan.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
author: Szymon Janc <szymon.janc@tieto.com> 2012-03-16 11:02:57 -0400
committer: Gustavo Padovan <gustavo@padovan.org> 2012-05-08 23:41:33 -0400
commit: c72d4b8afa8002cd6f64225954bee78296321e7e (patch)
tree: 2abcb1d54309248e09dae928570d118691f15974 /net
parent: d97dcb66001222efa79e55f5260b9b660fd452a4 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 402cb0026f5d..f590dfbe9e07 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -2532,12 +2532,19 @@ static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
 {
        struct mgmt_cp_set_device_id *cp = data;
        int err;
+        __u16 source;
        BT_DBG("%s", hdev->name);
+        source = __le16_to_cpu(cp->source);
+        if (source > 0x0002)
+                return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
+                                  MGMT_STATUS_INVALID_PARAMS);
        hci_dev_lock(hdev);
-        hdev->devid_source = __le16_to_cpu(cp->source);
+        hdev->devid_source = source;
        hdev->devid_vendor = __le16_to_cpu(cp->vendor);
        hdev->devid_product = __le16_to_cpu(cp->product);
        hdev->devid_version = __le16_to_cpu(cp->version);
author	Szymon Janc <szymon.janc@tieto.com>	2012-03-16 11:02:57 -0400
committer	Gustavo Padovan <gustavo@padovan.org>	2012-05-08 23:41:33 -0400
commit	c72d4b8afa8002cd6f64225954bee78296321e7e (patch)
tree	2abcb1d54309248e09dae928570d118691f15974 /net
parent	d97dcb66001222efa79e55f5260b9b660fd452a4 (diff)