diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-09-05 09:13:24 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-09-05 09:13:24 +0300 |
| commit | 9c2edd8b5bcb36ec6c890dd85f8fd13034aaa43e (patch) | |
| tree | 052b3c229e00462cd0c5773c8b6b9fe314e86f38 /net/bluetooth/l2cap_core.c | |
| parent | aa652b1ccbd0d3a9cd4ecdec6d36935f78c838da (diff) | |
| parent | c6935931c1894ff857616ff8549b61236a19148f (diff) | |
| download | linux-9c2edd8b5bcb36ec6c890dd85f8fd13034aaa43e.tar.xz | |
Merge 4.8-rc5 into staging-next
We want the staging fixes in here as well to handle merge issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/bluetooth/l2cap_core.c')
| -rw-r--r-- | net/bluetooth/l2cap_core.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 54ceb1f2cc9a..d4cad29b033f 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -32,6 +32,7 @@ #include <linux/debugfs.h> #include <linux/crc16.h> +#include <linux/filter.h> #include <net/bluetooth/bluetooth.h> #include <net/bluetooth/hci_core.h> @@ -5835,6 +5836,9 @@ static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, if (chan->sdu) break; + if (!pskb_may_pull(skb, L2CAP_SDULEN_SIZE)) + break; + chan->sdu_len = get_unaligned_le16(skb->data); skb_pull(skb, L2CAP_SDULEN_SIZE); @@ -6610,6 +6614,10 @@ static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb) goto drop; } + if ((chan->mode == L2CAP_MODE_ERTM || + chan->mode == L2CAP_MODE_STREAMING) && sk_filter(chan->data, skb)) + goto drop; + if (!control->sframe) { int err; |