Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Bluetooth: Enforce packet types in hci_recv_frame driver function

When calling the hci_recv_frame driver function check for valid packet
types that the core should process. This should catch issues with
drivers trying to feed vendor packet types through this interface.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann 10 years ago
parent
943cc59219
commit
fe806dcede
1 changed files with 7 additions and 0 deletions
Split View Show Diff Stats
  1. 7 0
      net/bluetooth/hci_core.c

+ 7 - 0
net/bluetooth/hci_core.c
View File 

@@ -3538,6 +3538,13 @@ int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
 
 		return -ENXIO;
 
 	}
 
 
+	if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT &&
 
+	    bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT &&
 
+	    bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) {
 
+		kfree_skb(skb);
 
+		return -EINVAL;
 
+	}
 
+
 
 	/* Incoming skb */
 
 	bt_cb(skb)->incoming = 1;