diff mbox series

[SRU,Focal,4/5] Bluetooth: MGMT: Fix not checking if BT_HS is enabled

Message ID 20201015093244.44119-5-stefan.bader@canonical.com
State New
Headers show
Series Address bluetooth security issues | expand

Commit Message

Stefan Bader Oct. 15, 2020, 9:32 a.m. UTC 
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This checks if BT_HS is enabled relecting it on MGMT_SETTING_HS instead
of always reporting it as supported.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

CVE-2020-24490
CVE-2020-12351
CVE-2020-12352
(backported from commit b560a208cda0297fef6ff85bbfd58a8f0a52a543 linux-next)
[smb: adjust context in second hunk (debug function rename)]
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
 net/bluetooth/mgmt.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index acb7c6d5643f..5fce559a61bf 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -756,7 +756,8 @@  static u32 get_supported_settings(struct hci_dev *hdev)
 
 		if (lmp_ssp_capable(hdev)) {
 			settings |= MGMT_SETTING_SSP;
-			settings |= MGMT_SETTING_HS;
+			if (IS_ENABLED(CONFIG_BT_HS))
+				settings |= MGMT_SETTING_HS;
 		}
 
 		if (lmp_sc_capable(hdev))
@@ -1771,6 +1772,10 @@  static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
 
 	BT_DBG("request for %s", hdev->name);
 
+	if (!IS_ENABLED(CONFIG_BT_HS))
+		return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
+				       MGMT_STATUS_NOT_SUPPORTED);
+
 	status = mgmt_bredr_support(hdev);
 	if (status)
 		return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);