Bluetooth: ISO: Copy BASE if service data matches EIR_BAA_SERVICE_UUID

author Claudia Draghicescu <claudia.rosu@nxp.com>

Thu, 28 Sep 2023 08:02:08 +0000 (11:02 +0300)

committer Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Mon, 23 Oct 2023 18:03:50 +0000 (11:03 -0700)
author Claudia Draghicescu <claudia.rosu@nxp.com>
Thu, 28 Sep 2023 08:02:08 +0000 (11:02 +0300)
committer Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Mon, 23 Oct 2023 18:03:50 +0000 (11:03 -0700)
diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c

index 8ab7ea5ebedf6a9dbe75603df77f5c1399e4f4ef..07b80e97aead5d8ac5497676768a0f7a3142a591 100644 (file)
--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -14,6 +14,7 @@
  #include <net/bluetooth/bluetooth.h>
  #include <net/bluetooth/hci_core.h>
  #include <net/bluetooth/iso.h>
+#include "eir.h"
  
  static const struct proto_ops iso_sock_ops;
  
@@ -47,6 +48,7 @@ static void iso_sock_kill(struct sock *sk);
  
  #define EIR_SERVICE_DATA_LENGTH 4
  #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
+#define EIR_BAA_SERVICE_UUID   0x1851
  
  /* iso_pinfo flags values */
  enum {
@@ -1460,6 +1462,8 @@ static int iso_sock_getsockopt(struct socket *sock, int level, int optname,
                 len = min_t(unsigned int, len, base_len);
                 if (copy_to_user(optval, base, len))
                         err = -EFAULT;
+               if (put_user(len, optlen))
+                       err = -EFAULT;
  
                 break;
  
@@ -1782,12 +1786,16 @@ int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
  
         ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
         if (ev3) {
+               size_t base_len = ev3->length;
+               u8 *base;
+
                 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
                                          iso_match_sync_handle_pa_report, ev3);
-
-               if (sk) {
-                       memcpy(iso_pi(sk)->base, ev3->data, ev3->length);
-                       iso_pi(sk)->base_len = ev3->length;
+               base = eir_get_service_data(ev3->data, ev3->length,
+                                           EIR_BAA_SERVICE_UUID, &base_len);
+               if (base && sk && base_len <= sizeof(iso_pi(sk)->base)) {
+                       memcpy(iso_pi(sk)->base, base, base_len);
+                       iso_pi(sk)->base_len = base_len;
                 }
         } else {
                 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);
author	Claudia Draghicescu <claudia.rosu@nxp.com>
	Thu, 28 Sep 2023 08:02:08 +0000 (11:02 +0300)
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
	Mon, 23 Oct 2023 18:03:50 +0000 (11:03 -0700)