Received: by 2002:a05:6358:700f:b0:131:369:b2a3 with SMTP id 15csp2939989rwo;
        Thu, 3 Aug 2023 18:30:23 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGWepGdly0QLRmJWCSyOtuYxmm/i2kJ09AQuQgGSXMfzUt2UaM5C5kCJTBJnpIHNPmpCkwT
X-Received: by 2002:aa7:d6cd:0:b0:522:21a1:5153 with SMTP id x13-20020aa7d6cd000000b0052221a15153mr371776edr.11.1691112623079;
        Thu, 03 Aug 2023 18:30:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691112623; cv=none;
        d=google.com; s=arc-20160816;
        b=WhuYhO7iy+NhTKB39L6VFF3FrAWJpf8jfKwGRNdNBgkZeGrwZb3mX6gEnSEaH/Itmb
         vsY4qANqV8z5JgumgrFitVzN9V7rRfZTpi4KR1OfqUhK7i095dze5A/H4oaDeO4JSRlq
         OIADHnqBdYTuZHz8HHCJ5tedsRSu4alTTP1CMyMoZOs8/CaunIa2tHE9JC0M/HW41ggR
         0sD2KjA2nFTxFoLYwrhyV9kH6OZB+52Nb1Die2keypdyoAtjfIx3U2Vv8APsrneOonzq
         DZqcNxpoAHZf22kwc5b4UYz/h7FFnYcSCWNnjtbtPExwdR5YckZNuoKuCuUAW59uRpq7
         amOQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:to:from
         :dkim-signature;
        bh=y55Yg/C7ifA7uYXM7obeHwISK1JjvWlPYwGVPva4JEs=;
        fh=V2LL5OuZUBGeSu6TXDWykcThOoazTGUpkln19rrO2KM=;
        b=rALCyVs5UNHA4ETNRgT+T0+U8X7q6wfbheLVMHhe+CppY8q0MRXcxB86Yiv8XpOvlP
         ngk2FzGnvVH0YszXfSvgcFx2gHrlhiUoShMe7SGG4Il5PTC0HjcUAsH6Cm1/I/2f5lWv
         84bOIApUT2rMF7yYkaRHFoxTMUjmq7N1DE6a3eRAHSRCpBAjPb2Nf7vySSIN1AsSVDi/
         oXZYnGIm0W2wNDijlDD0AN493IUIGhfGOKihlHlUJSE8R6yR6lZO8eSs42b3I0aNrUGw
         7PhifAxXjoRi/HDcYaUDyv+vZOF+3lPxTDSj3FuaDdvWjl81ilGF+e+8t0D18ka2C6XX
         TmrA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20221208 header.b=SWpZupy4;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id p26-20020a056402075a00b00522188efd8dsi686747edy.605.2023.08.03.18.29.51;
        Thu, 03 Aug 2023 18:30:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20221208 header.b=SWpZupy4;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231545AbjHDAL1 (ORCPT <rfc822;kapilgupta.ghd@gmail.com>
        + 99 others); Thu, 3 Aug 2023 20:11:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32808 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231761AbjHDAL0 (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Thu, 3 Aug 2023 20:11:26 -0400
Received: from mail-qv1-xf2f.google.com (mail-qv1-xf2f.google.com [IPv6:2607:f8b0:4864:20::f2f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BEBEB420E
        for <linux-bluetooth@vger.kernel.org>; Thu,  3 Aug 2023 17:11:23 -0700 (PDT)
Received: by mail-qv1-xf2f.google.com with SMTP id 6a1803df08f44-63d03d3cac6so8587956d6.2
        for <linux-bluetooth@vger.kernel.org>; Thu, 03 Aug 2023 17:11:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1691107882; x=1691712682;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=y55Yg/C7ifA7uYXM7obeHwISK1JjvWlPYwGVPva4JEs=;
        b=SWpZupy4UCPkqDyJ3j34KE9HLpSfJmwvXDMf/I+ggGna0CcpDaD520ppQGD7tEt7gw
         z6rrkoh9h3PdDW0D/kdefLWTiBrV75GKLzd8ZWz8leMPMMt8ZyougiUCWli9nrxrW9LY
         ooF3elYCif3F+JPcVMHpNQT+fk6FXu+/nHAy2/cAHbHC1roMkcHw8OlreAt2faJhoxYH
         w21diB9BMlL14Byb6WSPW/+NRl/S+vxVoYmRu4wbXHuxUILKgEMkxPzQu+XE6An9ZXZj
         CNQkL7hxNB1hU9COxMji/RCH0T38HRSutHKrKgwoDVEIESzv9+r5DP0yf04CY0rTWPI0
         4Hww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1691107882; x=1691712682;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=y55Yg/C7ifA7uYXM7obeHwISK1JjvWlPYwGVPva4JEs=;
        b=Tk0j8LduFh/O4exziTTMdkRQxjajFWIF20s8QESyaZ+LjX9F6Ij0HzrRYX7NqydjpM
         n1QZbwb4OL54nMYP/zk34Qbht+TnpN7RCZ4dzvX0ho6kOdtz9zcL0eAlnEaeEgCEzCgn
         4O6cvU9dH4/Tmpg55ehFocgn+Q/3U6MEeYtx46fF1szRPdS0Q73bin5Rq33B3TpQKMdD
         hh0lDqV9PBULWOUTWkzfqdlO4jz8xs80MONjso0MenM2IWKbRQ6tu8HAypftGSGQK/tY
         SOWBpx8mws3pKVA19sgf8VkAqIyoPuVQ2BkUNi6tIFcZD4QHAeAGc9g+U+LIIQIAnl5N
         kCTw==
X-Gm-Message-State: AOJu0Yx4h0t68nuaK/7VyeMJZt3ex7/J6GyWx72HTRj5HcMCQML26E/A
        AvredXEFiKZ+9O24O3+rjPysLLGCdN0=
X-Received: by 2002:ad4:4e82:0:b0:636:955e:3dd7 with SMTP id dy2-20020ad44e82000000b00636955e3dd7mr164880qvb.42.1691107882256;
        Thu, 03 Aug 2023 17:11:22 -0700 (PDT)
Received: from lvondent-mobl4.. (c-71-236-201-58.hsd1.or.comcast.net. [71.236.201.58])
        by smtp.gmail.com with ESMTPSA id y11-20020a0ce04b000000b0063c6c7f4b92sm272448qvk.1.2023.08.03.17.11.20
        for <linux-bluetooth@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 03 Aug 2023 17:11:21 -0700 (PDT)
From:   Luiz Augusto von Dentz <luiz.dentz@gmail.com>
To:     linux-bluetooth@vger.kernel.org
Subject: [PATCH v2 3/5] Bluetooth: ISO: Fix not checking for valid CIG/CIS IDs
Date:   Thu,  3 Aug 2023 17:11:13 -0700
Message-ID: <20230804001115.907885-3-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230804001115.907885-1-luiz.dentz@gmail.com>
References: <20230804001115.907885-1-luiz.dentz@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
        RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,
        URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Valid range of CIG/CIS are 0x00 to 0xEF, so this checks they are
properly checked before attempting to use HCI_OP_LE_SET_CIG_PARAMS.

Fixes: ccf74f2390d6 ("Bluetooth: Add BTPROTO_ISO socket type")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/iso.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
index 358954bfbb32..6b66d6a88b9a 100644
--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -1187,6 +1187,12 @@ static bool check_io_qos(struct bt_iso_io_qos *qos)
 
 static bool check_ucast_qos(struct bt_iso_qos *qos)
 {
+	if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET)
+		return false;
+
+	if (qos->ucast.cis > 0xef && qos->ucast.cis != BT_ISO_QOS_CIS_UNSET)
+		return false;
+
 	if (qos->ucast.sca > 0x07)
 		return false;
 
-- 
2.41.0