Bluetooth: Add instance range check for Add Advertising command

The instance range check for Add Advertising command is missing. If the provided instance is out of range an Invalid Parameters error should be returned. At the moment, the generic Failed error is returned. This extra check ensures that clear error messages are returned. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
mariux64 · Nov 22, 2015 · ceff86a · ceff86a
1 parent e9d6376
commit ceff86a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
@@ -6839,6 +6839,10 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev,
 		return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
 				       status);
 
+	if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
+		return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
+				       MGMT_STATUS_INVALID_PARAMS);
+
 	flags = __le32_to_cpu(cp->flags);
 	timeout = __le16_to_cpu(cp->timeout);
 	duration = __le16_to_cpu(cp->duration);