summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2015-11-19 16:16:41 +0100
committerJohan Hedberg <johan.hedberg@intel.com>2015-11-22 14:00:16 +0100
commitceff86af56e09469d21732c16fd27a7337983c48 (patch)
tree86aed6f06e699f72507270d42aa5c4cc72eae713
parentBluetooth: Use hex notation for mask (diff)
downloadlinux-ceff86af56e09469d21732c16fd27a7337983c48.tar.xz
linux-ceff86af56e09469d21732c16fd27a7337983c48.zip
Bluetooth: Add instance range check for Add Advertising command
The instance range check for Add Advertising command is missing. If the provided instance is out of range an Invalid Parameters error should be returned. At the moment, the generic Failed error is returned. This extra check ensures that clear error messages are returned. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-rw-r--r--net/bluetooth/mgmt.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index eca203e891d2..2c6533a3f937 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -6839,6 +6839,10 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev,
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
status);
+ if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
+ return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
+ MGMT_STATUS_INVALID_PARAMS);
+
flags = __le32_to_cpu(cp->flags);
timeout = __le16_to_cpu(cp->timeout);
duration = __le16_to_cpu(cp->duration);