commit 0588d94fd7e414367a7ae517569d2222441c255f
author Marcel Holtmann <marcel@holtmann.org> Fri Jan 16 10:06:13 2009 +0100
committer Marcel Holtmann <marcel@holtmann.org> Fri Feb 27 06:14:33 2009 +0100
tree c8563ce159bbea94e57df39a9b27bb1628ebccdd
parent f62e4323ab43c59e7cd7f72c1eb392d7c767ce5a

Bluetooth: Restrict application of socket options

The new socket options should only be evaluated for SOL_BLUETOOTH level
and not for every other level. Previously this causes some minor issues
when detecting if a kernel with certain features is available.

Also restrict BT_SECURITY to SOCK_SEQPACKET for L2CAP and SOCK_STREAM for
the RFCOMM protocol.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

net/bluetooth/rfcomm/sock.c

diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 9986ef3..7f48278 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -778,10 +778,18 @@
 	if (level == SOL_RFCOMM)
 		return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
 
+	if (level != SOL_BLUETOOTH)
+		return -ENOPROTOOPT;
+
 	lock_sock(sk);
 
 	switch (optname) {
 	case BT_SECURITY:
+		if (sk->sk_type != SOCK_STREAM) {
+			err = -EINVAL;
+			break;
+		}
+
 		sec.level = BT_SECURITY_LOW;
 
 		len = min_t(unsigned int, sizeof(sec), optlen);
@@ -899,6 +907,9 @@
 	if (level == SOL_RFCOMM)
 		return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
 
+	if (level != SOL_BLUETOOTH)
+		return -ENOPROTOOPT;
+
 	if (get_user(len, optlen))
 		return -EFAULT;
 
@@ -906,6 +917,11 @@
 
 	switch (optname) {
 	case BT_SECURITY:
+		if (sk->sk_type != SOCK_STREAM) {
+			err = -EINVAL;
+			break;
+		}
+
 		sec.level = rfcomm_pi(sk)->sec_level;
 
 		len = min_t(unsigned int, len, sizeof(sec));