From: Andre Guedes Date: Wed, 30 Oct 2013 22:01:40 +0000 (-0300) Subject: Bluetooth: Check address in mgmt_disconnect_failed() X-Git-Tag: v3.14-rc1~94^2~3^2^2~67^2~79 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3655bba8fe693e31c44c43cd30a9aaeee8bd45df;p=profile%2Fivi%2Fkernel-x86-ivi.git Bluetooth: Check address in mgmt_disconnect_failed() Check the address and address type in mgmt_disconnect_failed() otherwise we may wrongly fail the MGMT_OP_DISCONNECT command. Signed-off-by: Andre Guedes Signed-off-by: Marcel Holtmann --- diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 22cf547..6a74aa7 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -4613,6 +4613,8 @@ void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, u8 addr_type, u8 status) { + u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); + struct mgmt_cp_disconnect *cp; struct mgmt_rp_disconnect rp; struct pending_cmd *cmd; @@ -4623,8 +4625,16 @@ void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, if (!cmd) return; + cp = cmd->param; + + if (bacmp(bdaddr, &cp->addr.bdaddr)) + return; + + if (cp->addr.type != bdaddr_type) + return; + bacpy(&rp.addr.bdaddr, bdaddr); - rp.addr.type = link_to_bdaddr(link_type, addr_type); + rp.addr.type = bdaddr_type; cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, mgmt_status(status), &rp, sizeof(rp));