diff options
| author | Johan Hedberg | 2013-01-09 14:29:35 +0100 |
|---|---|---|
| committer | Gustavo Padovan | 2013-01-10 09:09:07 +0100 |
| commit | 575b3a02e20a10bb8110378ef363a8a174018680 (patch) | |
| tree | 677812b750e51e31090123be2320267d74582476 /net/bluetooth/mgmt.c | |
| parent | Bluetooth: Fix missing command complete for mgmt_load_long_term_keys (diff) | |
| download | kernel-qcow2-linux-575b3a02e20a10bb8110378ef363a8a174018680.tar.gz kernel-qcow2-linux-575b3a02e20a10bb8110378ef363a8a174018680.tar.xz kernel-qcow2-linux-575b3a02e20a10bb8110378ef363a8a174018680.zip | |
Bluetooth: Fix checking for valid device class values
The two lowest bits of the minor device class value are reserved and
should be zero, and the three highest bits of the major device class
likewise. The management code should therefore test for this and return
a proper "invalid params" error if the condition is not met.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Diffstat (limited to 'net/bluetooth/mgmt.c')
| -rw-r--r-- | net/bluetooth/mgmt.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 1dd41d48eb66..f3fec4264dcf 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -1430,6 +1430,12 @@ static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, goto unlock; } + if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { + err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, + MGMT_STATUS_INVALID_PARAMS); + goto unlock; + } + hdev->major_class = cp->major; hdev->minor_class = cp->minor; |