git.openpandora.org
/
pandora-kernel.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Bluetooth: Disallow usage of L2CAP CID setting for now
[pandora-kernel.git]
/
net
/
bluetooth
/
l2cap.c
diff --git
a/net/bluetooth/l2cap.c
b/net/bluetooth/l2cap.c
index
79a4325
..
7c6768c
100644
(file)
--- a/
net/bluetooth/l2cap.c
+++ b/
net/bluetooth/l2cap.c
@@
-799,6
+799,9
@@
static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
len = min_t(unsigned int, sizeof(la), alen);
memcpy(&la, addr, len);
len = min_t(unsigned int, sizeof(la), alen);
memcpy(&la, addr, len);
+ if (la.l2_cid)
+ return -EINVAL;
+
lock_sock(sk);
if (sk->sk_state != BT_OPEN) {
lock_sock(sk);
if (sk->sk_state != BT_OPEN) {
@@
-929,19
+932,20
@@
static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
struct sockaddr_l2 la;
int len, err = 0;
struct sockaddr_l2 la;
int len, err = 0;
- lock_sock(sk);
-
BT_DBG("sk %p", sk);
BT_DBG("sk %p", sk);
- if (!addr || addr->sa_family != AF_BLUETOOTH) {
- err = -EINVAL;
- goto done;
- }
+ if (!addr || addr->sa_family != AF_BLUETOOTH)
+ return -EINVAL;
memset(&la, 0, sizeof(la));
len = min_t(unsigned int, sizeof(la), alen);
memcpy(&la, addr, len);
memset(&la, 0, sizeof(la));
len = min_t(unsigned int, sizeof(la), alen);
memcpy(&la, addr, len);
+ if (la.l2_cid)
+ return -EINVAL;
+
+ lock_sock(sk);
+
if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
err = -EINVAL;
goto done;
if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
err = -EINVAL;
goto done;