Bluetooth: Check address length before reading address field
KMSAN will complain if valid address length passed to bind() is shorter than sizeof(struct sockaddr_sco) bytes. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
a9107a14a9
commit
bd7d46ddca
|
@ -523,12 +523,12 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
|
|||
struct sock *sk = sock->sk;
|
||||
int err = 0;
|
||||
|
||||
BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
|
||||
|
||||
if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
|
||||
addr->sa_family != AF_BLUETOOTH)
|
||||
return -EINVAL;
|
||||
|
||||
BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
|
||||
|
||||
lock_sock(sk);
|
||||
|
||||
if (sk->sk_state != BT_OPEN) {
|
||||
|
|
Loading…
Reference in New Issue