From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg Kroah-Hartman Subject: Re: [PATCH 1/2] Bluetooth: check message types in l2cap_get_conf_opt Date: Fri, 11 Jan 2019 06:32:23 +0100 Message-ID: <20190111053223.GA24338@kroah.com> References: <20190110062833.GA15047@kroah.com> <8616937378cec9330c27a3b08c24ab15ebb42ecf.camel@perches.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Marcel Holtmann , Johan Hedberg , linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org To: Joe Perches Return-path: Received: from mail.kernel.org ([198.145.29.99]:50900 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725769AbfAKFc2 (ORCPT ); Fri, 11 Jan 2019 00:32:28 -0500 Content-Disposition: inline In-Reply-To: <8616937378cec9330c27a3b08c24ab15ebb42ecf.camel@perches.com> Sender: netdev-owner@vger.kernel.org List-ID: On Thu, Jan 10, 2019 at 01:02:09PM -0800, Joe Perches wrote: > On Thu, 2019-01-10 at 07:28 +0100, Greg Kroah-Hartman wrote: > > l2cap_get_conf_opt can handle a "default" message type, but it needs to > > be verified that it really is the correct type (CONF_EFS or CONF_RFC) > > before passing it back to the caller. To do this we need to check the > > return value of this call now and handle the error correctly up the > > stack. > [] > > diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c > [] > > @@ -3324,7 +3328,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data > > void *endptr = data + data_size; > > void *req = chan->conf_req; > > int len = chan->conf_len; > > - int type, hint, olen; > > + int type, hint, olen, err; > > err doesn't seem the right name for any of these as the > return is now negative only when there is an error. > > Maybe opt_len instead. I was copying the style that was used in the rest of the file. If the maintainers want me to use a different name, I'll be glad to do so. My personal preference is just 'ret'. > > unsigned long val; > > struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; > > struct l2cap_conf_efs efs; > > @@ -3336,7 +3340,10 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data > > BT_DBG("chan %p", chan); > > > > while (len >= L2CAP_CONF_OPT_SIZE) { > > - len -= l2cap_get_conf_opt(&req, &type, &olen, &val); > > + err = l2cap_get_conf_opt(&req, &type, &olen, &val); > > + if (err < 0) > > + return err; > > + len -= err; > > especially as you subtract the positive return not > an error value. True, 'ret' would be nicer, but again, I was trying to follow the file's style. thanks, greg k-h