Bluetooth: Disabling discoverable with timeout is invalid

Add one extra sanity check to ensure that the supplied timeout value is
actually valid in this context.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit is contained in:
Marcel Holtmann 2012-02-22 18:06:34 +01:00 committed by Johan Hedberg
parent f51d5b2489
commit 24c54a9052

View File

@ -850,13 +850,16 @@ static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
MGMT_STATUS_INVALID_PARAMS);
timeout = get_unaligned_le16(&cp->timeout);
if (!cp->val && timeout > 0)
return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
MGMT_STATUS_INVALID_PARAMS);
hdev = hci_dev_get(index);
if (!hdev)
return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
MGMT_STATUS_INVALID_PARAMS);
timeout = get_unaligned_le16(&cp->timeout);
hci_dev_lock(hdev);
if (!hdev_is_powered(hdev) && timeout > 0) {