Short name should be shorter than complete name
and it should be a prefix of complete name.
Signed-off-by: Michał Narajowski <michal.narajowski@xxxxxxxxxxx>
---
net/bluetooth/mgmt.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 7b2bac4..5709377 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -3099,6 +3099,24 @@ unlock:
hci_dev_unlock(hdev);
}
+static bool name_is_valid(u8 *complete_name, u8 *short_name)
+{
+ size_t complete_len = strlen(complete_name);
+ size_t short_len = strlen(short_name);
+
+ if (complete_len <= short_len)
+ return false;
+
+ /* Core Specification Supplement, A, 1.2.1:
+ * A shortened name shall only contain contiguous characters from
+ * the beginning of the full name.
+ */
+ if (strncmp(short_name, complete_name, short_len) != 0)
+ return false;
+
+ return true;
+}
+
static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
u16 len)
{
@@ -3122,6 +3140,12 @@ static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
goto failed;
}
+ if (!name_is_valid(cp->name, cp->short_name)) {
+ err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
+ MGMT_STATUS_INVALID_PARAMS);
+ goto failed;
+ }
+
memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
if (!hdev_is_powered(hdev)) {
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
