projects
/
firefly-linux-kernel-4.4.55.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
bluetooth: Validate socket address length in sco_sock_bind().
[firefly-linux-kernel-4.4.55.git]
/
net
/
bluetooth
/
sco.c
diff --git
a/net/bluetooth/sco.c
b/net/bluetooth/sco.c
index fe129663bd3f7faeb39f20d02a8425d525da071d..f52bcbf2e58cd8b8ded4c3d65c8dd9b87034b002 100644
(file)
--- a/
net/bluetooth/sco.c
+++ b/
net/bluetooth/sco.c
@@
-526,6
+526,9
@@
static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
if (!addr || addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
+ if (addr_len < sizeof(struct sockaddr_sco))
+ return -EINVAL;
+
lock_sock(sk);
if (sk->sk_state != BT_OPEN) {