From: Szymon Janc <szymon.janc@tieto.com>
Date: Fri, 16 Mar 2012 15:02:57 +0000 (+0100)
Subject: Bluetooth: mgmt: Don't allow to set invalid value to DeviceID source
X-Git-Tag: firefly_0821_release~3680^2~2713^2~3^2~18^2^2~93
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=c72d4b8afa8002cd6f64225954bee78296321e7e;p=firefly-linux-kernel-4.4.55.git

Bluetooth: mgmt: Don't allow to set invalid value to DeviceID source

Reply with MGMT_STATUS_INVALID_PARAMS when userspace is trying to set
source with out-of-scope value.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Gustavo Padovan <gustavo@padovan.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
---

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 402cb0026f5d..f590dfbe9e07 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -2532,12 +2532,19 @@ static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
 {
 	struct mgmt_cp_set_device_id *cp = data;
 	int err;
+	__u16 source;
 
 	BT_DBG("%s", hdev->name);
 
+	source = __le16_to_cpu(cp->source);
+
+	if (source > 0x0002)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	hci_dev_lock(hdev);
 
-	hdev->devid_source = __le16_to_cpu(cp->source);
+	hdev->devid_source = source;
 	hdev->devid_vendor = __le16_to_cpu(cp->vendor);
 	hdev->devid_product = __le16_to_cpu(cp->product);
 	hdev->devid_version = __le16_to_cpu(cp->version);