Skip to content

Commit

Permalink
Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealin…
Browse files Browse the repository at this point in the history 
…g with l2cap socket

... rather than relying on ciptool(8) never passing it anything else.  Give
it e.g. an AF_UNIX connected socket (from socketpair(2)) and it'll oops,
trying to evaluate &l2cap_pi(sock->sk)->chan->dst...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
  • Loading branch information
Al Viro authored and Marcel Holtmann committed Dec 19, 2014
1 parent 51bda2b commit 96c2665
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/bluetooth/cmtp/core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -334,6 +334,9 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)

BT_DBG("");

if (!l2cap_is_socket(sock))
return -EBADFD;

session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);
if (!session)
return -ENOMEM;
Expand Down

0 comments on commit 96c2665

Please sign in to comment.