Bluetooth: Disabling discoverable with timeout is invalid

Add one extra sanity check to ensure that the supplied timeout value is actually valid in this context. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

Bluetooth: Disabling discoverable with timeout is invalid
Add one extra sanity check to ensure that the supplied timeout value is actually valid in this context. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
24c54a90 · Marcel Holtmann · Johan Hedberg · f51d5b24 · 24c54a90
Commit 24c54a90 authored Feb 22, 2012 by Marcel Holtmann Committed by Johan Hedberg Feb 23, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

net/bluetooth/mgmt.c net/bluetooth/mgmt.c +5 -2

No files found.
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -850,13 +850,16 @@ static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
 		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
 						MGMT_STATUS_INVALID_PARAMS);

+	timeout = get_unaligned_le16(&cp->timeout);
+	if (!cp->val && timeout > 0)
+		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
+						MGMT_STATUS_INVALID_PARAMS);
+
 	hdev = hci_dev_get(index);
 	if (!hdev)
 		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
 						MGMT_STATUS_INVALID_PARAMS);

-	timeout = get_unaligned_le16(&cp->timeout);
-
 	hci_dev_lock(hdev);

 	if (!hdev_is_powered(hdev) && timeout > 0) {