Bluetooth: Disabling discoverable with timeout is invalid

Add one extra sanity check to ensure that the supplied timeout value is actually valid in this context. Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Johan Hedberg <johan.hedberg@intel.com>

Bluetooth: Disabling discoverable with timeout is invalid
Add one extra sanity check to ensure that the supplied timeout value is actually valid in this context. Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Johan Hedberg <johan.hedberg@intel.com>
24c54a90 · Marcel Holtmann · Johan Hedberg · f51d5b24 · 24c54a90
隐藏空白更改
内联并排

Showing with 5 addition and 2 deletion

net/bluetooth/mgmt.c net/bluetooth/mgmt.c +5 -2

未找到文件。
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -850,13 +850,16 @@ static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
 		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
 						MGMT_STATUS_INVALID_PARAMS);

+	timeout = get_unaligned_le16(&cp->timeout);
+	if (!cp->val && timeout > 0)
+		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
+						MGMT_STATUS_INVALID_PARAMS);
+
 	hdev = hci_dev_get(index);
 	if (!hdev)
 		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
 						MGMT_STATUS_INVALID_PARAMS);

-	timeout = get_unaligned_le16(&cp->timeout);
-
 	hci_dev_lock(hdev);

 	if (!hdev_is_powered(hdev) && timeout > 0) {