Reply with MGMT_STATUS_INVALID_PARAMS when userspace is trying to set
source with out-of-scope value.
Signed-off-by: Szymon Janc <szymon.janc@xxxxxxxxx>
---
net/bluetooth/mgmt.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 70eee11..a5ec832 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -2528,12 +2528,19 @@ static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
{
struct mgmt_cp_set_device_id *cp = data;
int err;
+ __u16 source;
BT_DBG("%s", hdev->name);
+ source = __le16_to_cpu(cp->source);
+
+ if (source > 0x0002)
+ return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
+ MGMT_STATUS_INVALID_PARAMS);
+
hci_dev_lock(hdev);
- hdev->devid_source = __le16_to_cpu(cp->source);
+ hdev->devid_source = source;
hdev->devid_vendor = __le16_to_cpu(cp->vendor);
hdev->devid_product = __le16_to_cpu(cp->product);
hdev->devid_version = __le16_to_cpu(cp->version);
--
on behalf of ST-Ericsson
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
