[Bluetooth] Fix L2CAP and HCI setsockopt() information leaks

[pandora-kernel.git] / net / bluetooth / sco.c

diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 7714a2e..3f5163e 100644 (file)
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -1,4 +1,4 @@
-/* 
+/*

    BlueZ - Bluetooth protocol stack for Linux
    Copyright (C) 2000-2001 Qualcomm Incorporated
 
    BlueZ - Bluetooth protocol stack for Linux
    Copyright (C) 2000-2001 Qualcomm Incorporated
 


@@ -12,13 +12,13 @@
    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY

-   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
-   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
-   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
+   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 

-   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
-   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
+   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS

    SOFTWARE IS DISCLAIMED.
 */
 
    SOFTWARE IS DISCLAIMED.
 */
 


@@ -149,7 +149,7 @@ static int sco_conn_del(struct hci_conn *hcon, int err)
        struct sco_conn *conn;
        struct sock *sk;
 
        struct sco_conn *conn;
        struct sock *sk;
 

-       if (!(conn = hcon->sco_data)) 
+       if (!(conn = hcon->sco_data))

                return 0;
 
        BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
                return 0;
 
        BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);


@@ -393,7 +393,7 @@ static void sco_sock_close(struct sock *sk)
        default:
                sock_set_flag(sk, SOCK_ZAPPED);
                break;
        default:
                sock_set_flag(sk, SOCK_ZAPPED);
                break;

-       };
+       }

 
        release_sock(sk);
 
 
        release_sock(sk);
 


@@ -404,7 +404,7 @@ static void sco_sock_init(struct sock *sk, struct sock *parent)
 {
        BT_DBG("sk %p", sk);
 
 {
        BT_DBG("sk %p", sk);
 

-       if (parent) 
+       if (parent)

                sk->sk_type = parent->sk_type;
 }
 
                sk->sk_type = parent->sk_type;
 }
 


@@ -452,7 +452,8 @@ static int sco_sock_create(struct socket *sock, int protocol)
 
        sock->ops = &sco_sock_ops;
 
 
        sock->ops = &sco_sock_ops;
 

-       if (!(sk = sco_sock_alloc(sock, protocol, GFP_KERNEL)))
+       sk = sco_sock_alloc(sock, protocol, GFP_ATOMIC);
+       if (!sk)

                return -ENOMEM;
 
        sco_sock_init(sk, NULL);
                return -ENOMEM;
 
        sco_sock_init(sk, NULL);


@@ -521,7 +522,7 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
        if ((err = sco_connect(sk)))
                goto done;
 
        if ((err = sco_connect(sk)))
                goto done;
 

-       err = bt_sock_wait_state(sk, BT_CONNECTED, 
+       err = bt_sock_wait_state(sk, BT_CONNECTED,

                        sock_sndtimeo(sk, flags & O_NONBLOCK));
 
 done:
                        sock_sndtimeo(sk, flags & O_NONBLOCK));
 
 done:


@@ -626,7 +627,7 @@ static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len
        return 0;
 }
 
        return 0;
 }
 

-static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 
+static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,

                            struct msghdr *msg, size_t len)
 {
        struct sock *sk = sock->sk;
                            struct msghdr *msg, size_t len)
 {
        struct sock *sk = sock->sk;


@@ -676,7 +677,7 @@ static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char
        struct sock *sk = sock->sk;
        struct sco_options opts;
        struct sco_conninfo cinfo;
        struct sock *sk = sock->sk;
        struct sco_options opts;
        struct sco_conninfo cinfo;

-       int len, err = 0; 
+       int len, err = 0;

 
        BT_DBG("sk %p", sk);
 
 
        BT_DBG("sk %p", sk);
 


@@ -760,7 +761,7 @@ static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *
                bt_accept_enqueue(parent, sk);
 }
 
                bt_accept_enqueue(parent, sk);
 }
 

-/* Delete channel. 
+/* Delete channel.

  * Must be called on the locked socket. */
 static void sco_chan_del(struct sock *sk, int err)
 {
  * Must be called on the locked socket. */
 static void sco_chan_del(struct sock *sk, int err)
 {


@@ -770,7 +771,7 @@ static void sco_chan_del(struct sock *sk, int err)
 
        BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
 
 
        BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
 

-       if (conn) { 
+       if (conn) {

                sco_conn_lock(conn);
                conn->sk = NULL;
                sco_pi(sk)->conn = NULL;
                sco_conn_lock(conn);
                conn->sk = NULL;
                sco_pi(sk)->conn = NULL;


@@ -854,7 +855,7 @@ static int sco_connect_cfm(struct hci_conn *hcon, __u8 status)
                conn = sco_conn_add(hcon, status);
                if (conn)
                        sco_conn_ready(conn);
                conn = sco_conn_add(hcon, status);
                if (conn)
                        sco_conn_ready(conn);

-       } else 
+       } else

                sco_conn_del(hcon, bt_err(status));
 
        return 0;
                sco_conn_del(hcon, bt_err(status));
 
        return 0;


@@ -886,7 +887,7 @@ static int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
        }
 
 drop:
        }
 
 drop:

-       kfree_skb(skb); 
+       kfree_skb(skb);

        return 0;
 }
 
        return 0;
 }
 


@@ -967,7 +968,8 @@ static int __init sco_init(void)
                goto error;
        }
 
                goto error;
        }
 

-       class_create_file(bt_class, &class_attr_sco);
+       if (class_create_file(bt_class, &class_attr_sco) < 0)
+               BT_ERR("Failed to create SCO info file");

 
        BT_INFO("SCO (Voice Link) ver %s", VERSION);
        BT_INFO("SCO socket layer initialized");
 
        BT_INFO("SCO (Voice Link) ver %s", VERSION);
        BT_INFO("SCO socket layer initialized");