diff options
author | David S. Miller <davem@davemloft.net> | 2015-12-15 15:39:08 -0500 |
---|---|---|
committer | Brett Rogers <brettrogers11@gmail.com> | 2016-02-20 14:05:56 -0800 |
commit | 9c25bb369d3df8816610919ae76faaf5fb04c14a (patch) | |
tree | 18ff0e7fc2945c05ec0acabcddcc8f58a8d99b0b /net | |
parent | 5e60df5a7c346658adad7e8eafb1450491a660bb (diff) | |
download | kernel_samsung_smdk4412-9c25bb369d3df8816610919ae76faaf5fb04c14a.tar.gz kernel_samsung_smdk4412-9c25bb369d3df8816610919ae76faaf5fb04c14a.tar.bz2 kernel_samsung_smdk4412-9c25bb369d3df8816610919ae76faaf5fb04c14a.zip |
bluetooth: Validate socket address length in sco_sock_bind().
Change-Id: Id051e0c1a5d89ea90e9b058175c37c952cad70bc
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/sco.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index ac4631d10e0..21aded9a394 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c @@ -476,6 +476,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) if (!addr || addr->sa_family != AF_BLUETOOTH) return -EINVAL; + if (alen < sizeof(struct sockaddr_sco)) + return -EINVAL; + memset(&sa, 0, sizeof(sa)); len = min_t(unsigned int, sizeof(sa), alen); memcpy(&sa, addr, len); |