Bluetooth: Add instance range check for Add Advertising command

The instance range check for Add Advertising command is missing. If the
provided instance is out of range an Invalid Parameters error should be
returned. At the moment, the generic Failed error is returned. This
extra check ensures that clear error messages are returned.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index eca203e891d2080eff2478d8d96956d1bf068be4..2c6533a3f9372ea862c7a6a1711ab64c4851ad60 100644 (file)
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -6839,6 +6839,10 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev,
                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
                                       status);
 
+       if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
+               return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
+                                      MGMT_STATUS_INVALID_PARAMS);
+
        flags = __le32_to_cpu(cp->flags);
        timeout = __le16_to_cpu(cp->timeout);
        duration = __le16_to_cpu(cp->duration);