Skip to content

Commit

Permalink
Bluetooth: Disabling discoverable with timeout is invalid
Browse files Browse the repository at this point in the history 
Add one extra sanity check to ensure that the supplied timeout value is
actually valid in this context.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
  • Loading branch information
Marcel Holtmann authored and Johan Hedberg committed Feb 23, 2012
1 parent f51d5b2 commit 24c54a9
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions net/bluetooth/mgmt.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -850,13 +850,16 @@ static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
MGMT_STATUS_INVALID_PARAMS);

timeout = get_unaligned_le16(&cp->timeout);
if (!cp->val && timeout > 0)
return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
MGMT_STATUS_INVALID_PARAMS);

hdev = hci_dev_get(index);
if (!hdev)
return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
MGMT_STATUS_INVALID_PARAMS);

timeout = get_unaligned_le16(&cp->timeout);

hci_dev_lock(hdev);

if (!hdev_is_powered(hdev) && timeout > 0) {
Expand Down

0 comments on commit 24c54a9

Please sign in to comment.