Bluetooth: Check MTU value in l2cap_sock_setsockopt_old
If user tries to set an invalid MTU value, l2cap_sock_setsockopt_old
should return -EINVAL.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Andre Guedes authored and Johan Hedberg committed Jun 5, 2012
1 parent 6fcb06a commit 682877c
Showing 1 changed file with 21 additions and 0 deletions.
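--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -445,6 +445,22 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
 return err;
 }
 
+static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
+{
+switch (chan->scid) {
+case L2CAP_CID_LE_DATA:
+if (mtu < L2CAP_LE_DEFAULT_MTU)
+return false;
+break;
+
+default:
+if (mtu < L2CAP_DEFAULT_MIN_MTU)
+return false;
+}
+
+return true;
+}
+
 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
 {
 struct sock *sk = sock->sk;
@@ -483,6 +499,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
 break;
 }
 
+if (!l2cap_valid_mtu(chan, opts.imtu)) {
+err = -EINVAL;
+break;
+}
+
 chan->mode = opts.mode;
 switch (chan->mode) {
 case L2CAP_MODE_BASIC: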
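Review bot: `l2cap_valid_mtu()` in the first hunk picks its lower bound from `chan->scid` as it stands when setsockopt runs, and the helper carries no comment saying so. If the option can be set before the channel's CID is assigned (not visible here), the `default` limit is applied even to a socket that later becomes an LE data channel, so the ordering assumption should be stated above the function, e.g. `/* Lower bound for the incoming MTU; chosen by chan->scid, so the CID must already be set for the LE limit to apply. */`. Separately, the second hunk validates only `opts.imtu`; `l2cap_sock_setsockopt_old` continues outside the hunk, so whether `opts.omtu` is stored unchecked further down should be confirmed against the full function.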
