From: Gustavo F. Padovan <padovan@profusion.mobi>
Date: Mon, 14 Jun 2010 05:26:15 +0000 (-0300)
Subject: Bluetooth: Don't accept ConfigReq if we aren't in the BT_CONFIG state
X-Git-Tag: firefly_0821_release~9833^2~1306^2~64^2~48^2~30
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=8cb8e6f1684be13b51f8429b15f39c140326b327;p=firefly-linux-kernel-4.4.55.git

Bluetooth: Don't accept ConfigReq if we aren't in the BT_CONFIG state

If such event happens we shall reply with a Command Reject, because we are
not expecting any configure request.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---

diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 6a33d269389e..f6e46fdddd2b 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3052,8 +3052,14 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
 	if (!sk)
 		return -ENOENT;
 
-	if (sk->sk_state == BT_DISCONN)
+	if (sk->sk_state != BT_CONFIG) {
+		struct l2cap_cmd_rej rej;
+
+		rej.reason = cpu_to_le16(0x0002);
+		l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
+				sizeof(rej), &rej);
 		goto unlock;
+	}
 
 	/* Reject if config buffer is too small. */
 	len = cmd_len - sizeof(*req);