Commit 2bb36870 authored by Szymon Janc's avatar Szymon Janc Committed by Marcel Holtmann
Browse files

Bluetooth: Unify advertising instance flags check 



This unifies max length and TLV validity checks.

Signed-off-by: default avatarSzymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 5e2c59e8

net/bluetooth/mgmt.c

+48 −37
Original line number Diff line number Diff line
@@ -6005,34 +6005,59 @@ static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 
	return err;

}



static bool tlv_data_is_valid(u32 adv_flags, u8 *data, u8 len, bool is_adv_data)

static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)

{

	u8 max_len = HCI_MAX_AD_LENGTH;

	int i, cur_len;

	bool flags_managed = false;

	bool tx_power_managed = false;



	if (is_adv_data) {

		if (adv_flags & (MGMT_ADV_FLAG_DISCOV |

				 MGMT_ADV_FLAG_LIMITED_DISCOV |

				 MGMT_ADV_FLAG_MANAGED_FLAGS)) {

			flags_managed = true;

				 MGMT_ADV_FLAG_MANAGED_FLAGS))

			max_len -= 3;

		}



		if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {

			tx_power_managed = true;

		if (adv_flags & MGMT_ADV_FLAG_TX_POWER)

			max_len -= 3;

		}

	} else {

		/* at least 1 byte of name should fit in */

		if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)

			max_len -= 3;



		if (adv_flags & MGMT_ADV_FLAG_APPEARANCE)

		if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))

			max_len -= 4;

	}



	return max_len;

}



static bool flags_managed(u32 adv_flags)

{

	return adv_flags & (MGMT_ADV_FLAG_DISCOV |

			    MGMT_ADV_FLAG_LIMITED_DISCOV |

			    MGMT_ADV_FLAG_MANAGED_FLAGS);

}



static bool tx_power_managed(u32 adv_flags)

{

	return adv_flags & MGMT_ADV_FLAG_TX_POWER;

}



static bool name_managed(u32 adv_flags)

{

	return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;

}



static bool appearance_managed(u32 adv_flags)

{

	return adv_flags & MGMT_ADV_FLAG_APPEARANCE;

}



static bool tlv_data_is_valid(u32 adv_flags, u8 *data, u8 len, bool is_adv_data)

{

	int i, cur_len;

	u8 max_len;



	max_len = tlv_data_max_len(adv_flags, is_adv_data);



	if (len > max_len)

		return false;
@@ -6040,10 +6065,20 @@ static bool tlv_data_is_valid(u32 adv_flags, u8 *data, u8 len, bool is_adv_data) 
	for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {

		cur_len = data[i];



		if (flags_managed && data[i + 1] == EIR_FLAGS)

		if (data[i + 1] == EIR_FLAGS && flags_managed(adv_flags))

			return false;



		if (tx_power_managed && data[i + 1] == EIR_TX_POWER)

		if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))

			return false;



		if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))

			return false;



		if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))

			return false;



		if (data[i + 1] == EIR_APPEARANCE &&

		    appearance_managed(adv_flags))

			return false;



		/* If the current field length would exceed the total data
@@ -6351,30 +6386,6 @@ static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 
	return err;

}



static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)

{

	u8 max_len = HCI_MAX_AD_LENGTH;



	if (is_adv_data) {

		if (adv_flags & (MGMT_ADV_FLAG_DISCOV |

				 MGMT_ADV_FLAG_LIMITED_DISCOV |

				 MGMT_ADV_FLAG_MANAGED_FLAGS))

			max_len -= 3;



		if (adv_flags & MGMT_ADV_FLAG_TX_POWER)

			max_len -= 3;

	} else {

		/* at least 1 byte of name should fit in */

		if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)

			max_len -= 3;



		if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))

			max_len -= 4;

	}



	return max_len;

}



static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,

			     void *data, u16 data_len)

{