diff options
author | Andre Guedes <andre.guedes@openbossa.org> | 2012-05-31 17:01:34 -0300 |
---|---|---|
committer | Johan Hedberg <johan.hedberg@intel.com> | 2012-06-05 06:34:15 +0300 |
commit | 682877c31fc1b6510b694b6b8e78d8dde53a47cc (patch) | |
tree | f1b042c56fa7c6d61026fafa7d2f90478c26c910 /net/bluetooth/l2cap_sock.c | |
parent | 6fcb06a28d150095f042c477fbe20a9767d9a951 (diff) | |
download | op-kernel-dev-682877c31fc1b6510b694b6b8e78d8dde53a47cc.zip op-kernel-dev-682877c31fc1b6510b694b6b8e78d8dde53a47cc.tar.gz |
Bluetooth: Check MTU value in l2cap_sock_setsockopt_old
If user tries to set an invalid MTU value, l2cap_sock_setsockopt_old
should return -EINVAL.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Diffstat (limited to 'net/bluetooth/l2cap_sock.c')
-rw-r--r-- | net/bluetooth/l2cap_sock.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index d856cc8..ab5868d 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -445,6 +445,22 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch return err; } +static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu) +{ + switch (chan->scid) { + case L2CAP_CID_LE_DATA: + if (mtu < L2CAP_LE_DEFAULT_MTU) + return false; + break; + + default: + if (mtu < L2CAP_DEFAULT_MIN_MTU) + return false; + } + + return true; +} + static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) { struct sock *sk = sock->sk; @@ -483,6 +499,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us break; } + if (!l2cap_valid_mtu(chan, opts.imtu)) { + err = -EINVAL; + break; + } + chan->mode = opts.mode; switch (chan->mode) { case L2CAP_MODE_BASIC: |