-rw-r--r--net/bluetooth/l2cap.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 79a4325a1388..7c6768c2a530 100644
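--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -799,6 +799,9 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
 len = min_t(unsigned int, sizeof(la), alen);
 memcpy(&la, addr, len);
 
+if (la.l2_cid)
+return -EINVAL;
+
 lock_sock(sk);
 
 if (sk->sk_state != BT_OPEN) {
@@ -929,19 +932,20 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
 struct sockaddr_l2 la;
 int len, err = 0;
 
-lock_sock(sk);
-
 BT_DBG("sk %p", sk);
 
-if (!addr || addr->sa_family != AF_BLUETOOTH) {
-err = -EINVAL;
-goto done;
-}
+if (!addr || addr->sa_family != AF_BLUETOOTH)
+return -EINVAL;
 
 memset(&la, 0, sizeof(la));
 len = min_t(unsigned int, sizeof(la), alen);
 memcpy(&la, addr, len);
 
+if (la.l2_cid)
+return -EINVAL;
+
+lock_sock(sk);
+
 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
 err = -EINVAL;
 goto done;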
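Review bot: In l2cap_sock_connect the reworked early-return check reads `addr->sa_family` without first looking at `alen`, so a caller that passes an address shorter than the family field has that field read from bytes it never supplied. The later `min_t`/`memcpy` copes with short input by leaving the rest of the zeroed `la` untouched, which is why the new `la.l2_cid` test is safe, but the family test has no such guard; consider `if (!addr || alen < (int)sizeof(addr->sa_family) || addr->sa_family != AF_BLUETOOTH)`. The same probably applies to l2cap_sock_bind, whose family check lies outside the hunk shown. Both function bodies continue beyond these hunks, so whether a caller already enforces a minimum length cannot be confirmed from here.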