Bluetooth: Fix BR/EDR-only address checks for remote OOB data

For now the mgmt commands dealing with remote OOB data are strictly
BR/EDR-only. This patch fixes missing checks for the passed address type
so that any non-BR/EDR value triggers the appropriate error response.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index b84c092..258c982 100644 (file)
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -3589,6 +3589,14 @@ static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
                struct mgmt_cp_add_remote_oob_data *cp = data;
                u8 status;
 
+               if (cp->addr.type != BDADDR_BREDR) {
+                       err = cmd_complete(sk, hdev->id,
+                                          MGMT_OP_ADD_REMOTE_OOB_DATA,
+                                          MGMT_STATUS_INVALID_PARAMS,
+                                          &cp->addr, sizeof(cp->addr));
+                       goto unlock;
+               }
+
                err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
                                              cp->hash, cp->randomizer);
                if (err < 0)
@@ -3602,6 +3610,14 @@ static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
                struct mgmt_cp_add_remote_oob_ext_data *cp = data;
                u8 status;
 
+               if (cp->addr.type != BDADDR_BREDR) {
+                       err = cmd_complete(sk, hdev->id,
+                                          MGMT_OP_ADD_REMOTE_OOB_DATA,
+                                          MGMT_STATUS_INVALID_PARAMS,
+                                          &cp->addr, sizeof(cp->addr));
+                       goto unlock;
+               }
+
                err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
                                                  cp->hash192,
                                                  cp->randomizer192,
@@ -3620,6 +3636,7 @@ static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
                                 MGMT_STATUS_INVALID_PARAMS);
        }
 
+unlock:
        hci_dev_unlock(hdev);
        return err;
 }
@@ -3633,6 +3650,11 @@ static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
 
        BT_DBG("%s", hdev->name);
 
+       if (cp->addr.type != BDADDR_BREDR)
+               return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
+                                   MGMT_STATUS_INVALID_PARAMS,
+                                   &cp->addr, sizeof(cp->addr));
+
        hci_dev_lock(hdev);
 
        if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {