Bluetooth: Unify advertising instance flags check

This unifies max length and TLV validity checks.

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This commit is contained in:
Szymon Janc 2016-09-18 12:50:05 +02:00 committed by Marcel Holtmann
parent 5e2c59e84b
commit 2bb36870e8
1 changed files with 48 additions and 37 deletions

View File

@ -6005,34 +6005,59 @@ static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
return err; return err;
} }
static bool tlv_data_is_valid(u32 adv_flags, u8 *data, u8 len, bool is_adv_data) static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
{ {
u8 max_len = HCI_MAX_AD_LENGTH; u8 max_len = HCI_MAX_AD_LENGTH;
int i, cur_len;
bool flags_managed = false;
bool tx_power_managed = false;
if (is_adv_data) { if (is_adv_data) {
if (adv_flags & (MGMT_ADV_FLAG_DISCOV | if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
MGMT_ADV_FLAG_LIMITED_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
MGMT_ADV_FLAG_MANAGED_FLAGS)) { MGMT_ADV_FLAG_MANAGED_FLAGS))
flags_managed = true;
max_len -= 3; max_len -= 3;
}
if (adv_flags & MGMT_ADV_FLAG_TX_POWER) { if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
tx_power_managed = true;
max_len -= 3; max_len -= 3;
}
} else { } else {
/* at least 1 byte of name should fit in */ /* at least 1 byte of name should fit in */
if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
max_len -= 3; max_len -= 3;
if (adv_flags & MGMT_ADV_FLAG_APPEARANCE) if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
max_len -= 4; max_len -= 4;
} }
return max_len;
}
static bool flags_managed(u32 adv_flags)
{
return adv_flags & (MGMT_ADV_FLAG_DISCOV |
MGMT_ADV_FLAG_LIMITED_DISCOV |
MGMT_ADV_FLAG_MANAGED_FLAGS);
}
static bool tx_power_managed(u32 adv_flags)
{
return adv_flags & MGMT_ADV_FLAG_TX_POWER;
}
static bool name_managed(u32 adv_flags)
{
return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
}
static bool appearance_managed(u32 adv_flags)
{
return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
}
static bool tlv_data_is_valid(u32 adv_flags, u8 *data, u8 len, bool is_adv_data)
{
int i, cur_len;
u8 max_len;
max_len = tlv_data_max_len(adv_flags, is_adv_data);
if (len > max_len) if (len > max_len)
return false; return false;
@ -6040,10 +6065,20 @@ static bool tlv_data_is_valid(u32 adv_flags, u8 *data, u8 len, bool is_adv_data)
for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) { for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
cur_len = data[i]; cur_len = data[i];
if (flags_managed && data[i + 1] == EIR_FLAGS) if (data[i + 1] == EIR_FLAGS && flags_managed(adv_flags))
return false; return false;
if (tx_power_managed && data[i + 1] == EIR_TX_POWER) if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
return false;
if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
return false;
if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
return false;
if (data[i + 1] == EIR_APPEARANCE &&
appearance_managed(adv_flags))
return false; return false;
/* If the current field length would exceed the total data /* If the current field length would exceed the total data
@ -6351,30 +6386,6 @@ unlock:
return err; return err;
} }
static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
{
u8 max_len = HCI_MAX_AD_LENGTH;
if (is_adv_data) {
if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
MGMT_ADV_FLAG_LIMITED_DISCOV |
MGMT_ADV_FLAG_MANAGED_FLAGS))
max_len -= 3;
if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
max_len -= 3;
} else {
/* at least 1 byte of name should fit in */
if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
max_len -= 3;
if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
max_len -= 4;
}
return max_len;
}
static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
void *data, u16 data_len) void *data, u16 data_len)
{ {