[PATCH 3.10 006/139] Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket
From: Willy Tarreau
Date: Wed Nov 01 2017 - 17:59:05 EST
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
commit 71bb99a02b32b4cc4265118e85f6035ca72923f0 upstream.
same story as cmtp
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Marcel Holtmann <marcel@xxxxxxxxxxxx>
Signed-off-by: Willy Tarreau <w@xxxxxx>
---
net/bluetooth/bnep/core.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index e430b1a..e387e67 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -32,6 +32,7 @@
#include <asm/unaligned.h>
#include <net/bluetooth/bluetooth.h>
+#include <net/bluetooth/l2cap.h>
#include <net/bluetooth/hci_core.h>
#include "bnep.h"
@@ -539,6 +540,9 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
BT_DBG("");
+ if (!l2cap_is_socket(sock))
+ return -EBADFD;
+
baswap((void *) dst, &bt_sk(sock->sk)->dst);
baswap((void *) src, &bt_sk(sock->sk)->src);
--
2.8.0.rc2.1.gbe9624a