From c5dc28a06c1a0c74712f40c3e8e087cfc5f7d81e Mon Sep 17 00:00:00 2001
From: Marcel Holtmann
Date: Mon, 16 Feb 2009 03:20:31 +0100
Subject: [PATCH] --- yaml --- r: 134742 b: refs/heads/master c: 2a517ca687232adc8f14893730644da712010ffc h: refs/heads/master v: v3
---
 [refs] | 2 +-
 trunk/net/bluetooth/l2cap.c | 16 ++++++++++------
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/[refs] b/[refs]
index 7008f6794629..7e43ede13b6f 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 8bf4794174659b06d43cc5e290cd384757374613
+refs/heads/master: 2a517ca687232adc8f14893730644da712010ffc
diff --git a/trunk/net/bluetooth/l2cap.c b/trunk/net/bluetooth/l2cap.c
index 79a4325a1388..7c6768c2a530 100644
--- a/trunk/net/bluetooth/l2cap.c
+++ b/trunk/net/bluetooth/l2cap.c
@@ -799,6 +799,9 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
 len = min_t(unsigned int, sizeof(la), alen);
 memcpy(&la, addr, len);
 
+ if (la.l2_cid)
+ return -EINVAL;
+
 lock_sock(sk);
 
 if (sk->sk_state != BT_OPEN) {
@@ -929,19 +932,20 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
 struct sockaddr_l2 la;
 int len, err = 0;
 
- lock_sock(sk);
-
 BT_DBG("sk %p", sk);
 
- if (!addr || addr->sa_family != AF_BLUETOOTH) {
- err = -EINVAL;
- goto done;
- }
+ if (!addr || addr->sa_family != AF_BLUETOOTH)
+ return -EINVAL;
 
 memset(&la, 0, sizeof(la));
 len = min_t(unsigned int, sizeof(la), alen);
 memcpy(&la, addr, len);
 
+ if (la.l2_cid)
+ return -EINVAL;
+
+ lock_sock(sk);
+
 if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
 err = -EINVAL;
 goto done;
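Review bot: The new `if (la.l2_cid) return -EINVAL;` in l2cap_sock_bind() has no comment saying why a non-zero CID is refused, and the same bare check is repeated in the l2cap_sock_connect() hunk. A reader cannot tell from the code whether the field is reserved, not yet supported, or unsafe to honour, so I would put above both checks something like `/* l2_cid is not supported yet: reject it rather than silently ignore it */`, with the wording confirmed by the author. The comment should also say that the test runs on the local copy `la`, so an `alen` shorter than the structure leaves `l2_cid` zero and is accepted. That holds only if `la` is zeroed before the memcpy(), as it is in the connect hunk; the start of l2cap_sock_bind() is outside this hunk.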
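Review bot: `addr->sa_family` is compared in l2cap_sock_connect() before `alen` is looked at, so for an address shorter than the family field the check is decided by bytes the caller did not supply. The later `min_t(unsigned int, sizeof(la), alen)` bounds the copy but does not reject such an address, and because it converts `alen` to unsigned, a negative value would select `sizeof(la)`. Whether the socket layer already filters these lengths is not visible here. I would extend the guard to `if (!addr || alen < (int)sizeof(addr->sa_family) || addr->sa_family != AF_BLUETOOTH)`. The function body continues past the end of the hunk.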