[PATCH] Fix signedness problem at socket creation

CAN-2005-0750 is assigned to this issue

ilja <ilja@suresec.org> discovered potential local root exploit in
bluetooth socket creation.

This patch fixes a small signedness problem when creating the
socket.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>

diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 8ff58bc2bf27541ac4cdd84f56d7287447d9da31..064641c96e832a47b07af852e2f5e28196af2b17 100644 (file)
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -64,7 +64,7 @@ static kmem_cache_t *bt_sock_cache;
 
 int bt_sock_register(int proto, struct net_proto_family *ops)
 {
-       if (proto >= BT_MAX_PROTO)
+       if (proto < 0 || proto >= BT_MAX_PROTO)
                return -EINVAL;
 
        if (bt_proto[proto])
@@ -77,7 +77,7 @@ EXPORT_SYMBOL(bt_sock_register);
 
 int bt_sock_unregister(int proto)
 {
-       if (proto >= BT_MAX_PROTO)
+       if (proto < 0 || proto >= BT_MAX_PROTO)
                return -EINVAL;
 
        if (!bt_proto[proto])
@@ -92,7 +92,7 @@ static int bt_sock_create(struct socket *sock, int proto)
 {
        int err = 0;
 
-       if (proto >= BT_MAX_PROTO)
+       if (proto < 0 || proto >= BT_MAX_PROTO)
                return -EINVAL;
 
 #if defined(CONFIG_KMOD)