diff options
author | David S. Miller <davem@davemloft.net> | 2017-07-01 15:57:29 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-07-01 15:57:29 -0700 |
commit | 57a53a0b6788e1e3e660987e3771837efa90d980 (patch) | |
tree | fde7f92405fa936b3ef0540b7c8f60241d1d6fa0 /net/bluetooth/rfcomm/sock.c | |
parent | 2cb5c8e378d10a57aa1c9eaee36bea46c27dd2b9 (diff) | |
parent | feb16722b5d5f05b7ae1278a43e717c3d35cd512 (diff) |
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
Johan Hedberg says:
====================
pull request: bluetooth-next 2017-07-01
Here are some more Bluetooth patches for the 4.13 kernel:
- Added support for Broadcom BCM43430 controllers
- Added sockaddr length checks before accessing sa_family
- Fixed possible "might sleep" errors in bnep, cmtp and hidp modules
- A few other minor fixes
Please let me know if there are any issues pulling. Thanks.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth/rfcomm/sock.c')
-rw-r--r-- | net/bluetooth/rfcomm/sock.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index 2172ae509cf1..1aaccf637479 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -339,7 +339,8 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr struct sock *sk = sock->sk; int len, err = 0; - if (!addr || addr->sa_family != AF_BLUETOOTH) + if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) || + addr->sa_family != AF_BLUETOOTH) return -EINVAL; memset(&sa, 0, sizeof(sa)); |