[PATCH 7/8 v2] Bluetooth: Fix checking for exact values of boolean mgmt parameters

linux-bluetooth.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Johan Hedberg <johan.hedberg@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH 7/8 v2] Bluetooth: Fix checking for exact values of boolean mgmt parameters
Date: Wed,  9 Jan 2013 16:05:19 +0200	[thread overview]
Message-ID: <1357740319-5737-1-git-send-email-johan.hedberg@gmail.com> (raw)
In-Reply-To: <1357738180-4128-8-git-send-email-johan.hedberg@gmail.com>

From: Johan Hedberg <johan.hedberg@intel.com>

All mgmt_set_* commands that take a boolean value encoded in the form of
a byte should only accept the values 0x00 and 0x01. This patch adds the
necessary checks for this and returns "invalid params" responses if
anything else is provided as the value.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
---
v2: Fix s/SET_SSP/SET_LE/ copy-paste issue

 net/bluetooth/mgmt.c |   36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 69221ce..3cf7e1d 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -777,6 +777,10 @@ static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
 
 	BT_DBG("request for %s", hdev->name);
 
+	if (cp->val != 0x00 && cp->val != 0x01)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	hci_dev_lock(hdev);
 
 	if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
@@ -872,6 +876,10 @@ static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
 		return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
 				 MGMT_STATUS_NOT_SUPPORTED);
 
+	if (cp->val != 0x00 && cp->val != 0x01)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	timeout = __le16_to_cpu(cp->timeout);
 	if (!cp->val && timeout > 0)
 		return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
@@ -971,6 +979,10 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
 		return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
 				  MGMT_STATUS_NOT_SUPPORTED);
 
+	if (cp->val != 0x00 && cp->val != 0x01)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	hci_dev_lock(hdev);
 
 	if (!hdev_is_powered(hdev)) {
@@ -1041,6 +1053,10 @@ static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
 
 	BT_DBG("request for %s", hdev->name);
 
+	if (cp->val != 0x00 && cp->val != 0x01)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	hci_dev_lock(hdev);
 
 	if (cp->val)
@@ -1073,6 +1089,10 @@ static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
 		return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
 				  MGMT_STATUS_NOT_SUPPORTED);
 
+	if (cp->val != 0x00 && cp->val != 0x01)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	hci_dev_lock(hdev);
 
 	if (!hdev_is_powered(hdev)) {
@@ -1137,6 +1157,10 @@ static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
 		return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
 				  MGMT_STATUS_NOT_SUPPORTED);
 
+	if (cp->val != 0x00 && cp->val != 0x01)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	hci_dev_lock(hdev);
 
 	val = !!cp->val;
@@ -1197,6 +1221,10 @@ static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
 		return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
 				  MGMT_STATUS_NOT_SUPPORTED);
 
+	if (cp->val != 0x00 && cp->val != 0x01)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	if (cp->val)
 		set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
 	else
@@ -1219,6 +1247,10 @@ static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
 		return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
 				  MGMT_STATUS_NOT_SUPPORTED);
 
+	if (cp->val != 0x00 && cp->val != 0x01)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	hci_dev_lock(hdev);
 
 	val = !!cp->val;
@@ -2630,6 +2662,10 @@ static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
 		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
 				  MGMT_STATUS_NOT_SUPPORTED);
 
+	if (cp->val != 0x00 && cp->val != 0x01)
+		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
+				  MGMT_STATUS_INVALID_PARAMS);
+
 	if (!hdev_is_powered(hdev))
 		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
 				  MGMT_STATUS_NOT_POWERED);
-- 
1.7.10.4

next prev parent reply	other threads:[~2013-01-09 14:05 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-01-09 13:29 [PATCH 0/8] Bluetooth: Various mgmt fixes Johan Hedberg
2013-01-09 13:29 ` [PATCH 1/8] Bluetooth: Fix missing command complete event for mgmt_confirm_name Johan Hedberg
2013-01-09 20:02   ` Marcel Holtmann
2013-01-09 13:29 ` [PATCH 2/8] Bluetooth: Fix missing command complete for mgmt_load_long_term_keys Johan Hedberg
2013-01-09 20:04   ` Marcel Holtmann
2013-01-09 13:29 ` [PATCH 3/8] Bluetooth: Fix checking for valid device class values Johan Hedberg
2013-01-09 20:07   ` Marcel Holtmann
2013-01-09 13:29 ` [PATCH 4/8] Bluetooth: Fix accepting set_dev_class for non-BR/EDR controllers Johan Hedberg
2013-01-09 20:08   ` Marcel Holtmann
2013-01-09 13:29 ` [PATCH 5/8] Bluetooth: Fix returning proper command status for start_discovery Johan Hedberg
2013-01-09 20:10   ` Marcel Holtmann
2013-01-10 12:54   ` [PATCH 5/8 v2] " Johan Hedberg
2013-01-10 16:24     ` Marcel Holtmann
2013-01-10 18:30     ` Gustavo Padovan
2013-01-09 13:29 ` [PATCH 6/8] Bluetooth: Move non-critical sections outside of the dev lock Johan Hedberg
2013-01-09 20:12   ` Marcel Holtmann
2013-01-09 13:29 ` [PATCH 7/8] Bluetooth: Fix checking for exact values of boolean mgmt parameters Johan Hedberg
2013-01-09 13:45   ` Anderson Lizardo
2013-01-09 13:48     ` Johan Hedberg
2013-01-09 13:53       ` Anderson Lizardo
2013-01-09 14:05   ` Johan Hedberg [this message]
2013-01-09 20:13     ` [PATCH 7/8 v2] " Marcel Holtmann
2013-01-10  8:24     ` Gustavo Padovan
2013-01-09 13:29 ` [PATCH 8/8] Bluetooth: Fix sending incorrect new_settings for mgmt_set_powered Johan Hedberg
2013-01-10  8:41   ` Marcel Holtmann
2013-01-10 18:31   ` Gustavo Padovan

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:69221ce dfblob:3cf7e1d )
 OR (
bs:"[PATCH 7/8 v2] Bluetooth: Fix checking for exact values of boolean mgmt parameters" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1357740319-5737-1-git-send-email-johan.hedberg@gmail.com \
    --to=johan.hedberg@gmail.com \
    --cc=linux-bluetooth@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).