Commit 507fbd78 authored by David S. Miller's avatar David S. Miller Committed by Kamal Mostafa

bluetooth: Validate socket address length in sco_sock_bind().

[ Upstream commit 5233252f ]
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
parent 4e68afce
...@@ -520,6 +520,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le ...@@ -520,6 +520,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
if (!addr || addr->sa_family != AF_BLUETOOTH) if (!addr || addr->sa_family != AF_BLUETOOTH)
return -EINVAL; return -EINVAL;
if (addr_len < sizeof(struct sockaddr_sco))
return -EINVAL;
lock_sock(sk); lock_sock(sk);
if (sk->sk_state != BT_OPEN) { if (sk->sk_state != BT_OPEN) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment