Bluetooth: Check address length before reading address field

KMSAN will complain if valid address length passed to bind() is shorter
than sizeof(struct sockaddr_sco) bytes.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Tetsuo Handa 2019-04-12 19:54:33 +09:00 committed by David S. Miller
parent a9107a14a9
commit bd7d46ddca
1 changed files with 2 additions and 2 deletions

View File

@ -523,12 +523,12 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
struct sock *sk = sock->sk;
int err = 0;
BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
lock_sock(sk);
if (sk->sk_state != BT_OPEN) {