summaryrefslogtreecommitdiff
path: root/net/bluetooth/sco.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2019-04-12 13:54:33 +0300
committerDavid S. Miller <davem@davemloft.net>2019-04-12 20:25:03 +0300
commitbd7d46ddca06f1fadd68ceb99bc6e6f808ab50f2 (patch)
tree3ecb7b934cac41a04e79df65b7708deb254473ff /net/bluetooth/sco.c
parenta9107a14a9b9112775459ad291fc5de0f2513ce0 (diff)
downloadlinux-bd7d46ddca06f1fadd68ceb99bc6e6f808ab50f2.tar.xz
Bluetooth: Check address length before reading address field
KMSAN will complain if valid address length passed to bind() is shorter than sizeof(struct sockaddr_sco) bytes. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth/sco.c')
-rw-r--r--net/bluetooth/sco.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 9a580999ca57..d892b7c3cc42 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -523,12 +523,12 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
struct sock *sk = sock->sk;
int err = 0;
- BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
-
if (!addr || addr_len < sizeof(struct sockaddr_sco) ||
addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
+ BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
+
lock_sock(sk);
if (sk->sk_state != BT_OPEN) {