[PATCH 1/3] Bluetooth: Add instance range check for Add Advertising command

[PATCH 1/3] Bluetooth: Add instance range check for Add Advertising command

[Marcel Holtmann]

The instance range check for Add Advertising command is missing. If the
provided instance is out of range an Invalid Parameters error should be
returned. At the moment, the generic Failed error is returned. This
extra check ensures that clear error messages are returned.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
 net/bluetooth/mgmt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index eca203e891d2..2c6533a3f937 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -6839,6 +6839,10 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev,
 		return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
 				       status);
 
+	if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
+		return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
+				       MGMT_STATUS_INVALID_PARAMS);
+
 	flags = __le32_to_cpu(cp->flags);
 	timeout = __le16_to_cpu(cp->timeout);
 	duration = __le16_to_cpu(cp->duration);
-- 
2.5.0

Re: [PATCH 1/3] Bluetooth: Add instance range check for Add Advertising command

[Johan Hedberg]

Hi Marcel,

On Thu, Nov 19, 2015, Marcel Holtmann wrote:
> The instance range check for Add Advertising command is missing. If the
> provided instance is out of range an Invalid Parameters error should be
> returned. At the moment, the generic Failed error is returned. This
> extra check ensures that clear error messages are returned.
> 
> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
> ---
>  net/bluetooth/mgmt.c | 4 ++++
>  1 file changed, 4 insertions(+)

Patches 1 and 2 have been applied. Thanks.

Johan