authorDavid S. Miller <davem@davemloft.net>2007-01-25 19:36:01 +0100
committerAdrian Bunk <bunk@stusta.de>2007-01-25 19:36:01 +0100
commitd5b430696919770914e83ef8ef18047077298c7f (patch)
tree4dea32f263ac4a3550c098b48c6a94ea6ad7f474
parentcf4aeafe86d3cba8c96e0c093196ea3309a126f0 (diff)
BLUETOOTH: Fix unaligned access in hci_send_to_sock.
The "u16 *" derefs of skb->data need to be wrapped inside of a get_unaligned(). Thanks to Gustavo Zacarias for the bug report. Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Adrian Bunk <bunk@stusta.de>
-rw-r--r--net/bluetooth/hci_sock.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 97bdec73d17e..4e86ff478352 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -121,10 +121,13 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
if (!hci_test_bit(evt, &flt->event_mask))
continue;
- if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE &&
- flt->opcode != *(__u16 *)(skb->data + 3)) ||
- (evt == HCI_EV_CMD_STATUS &&
- flt->opcode != *(__u16 *)(skb->data + 4))))
+ if (flt->opcode &&
+ ((evt == HCI_EV_CMD_COMPLETE &&
+ flt->opcode !=
+ get_unaligned((__u16 *)(skb->data + 3))) ||
+ (evt == HCI_EV_CMD_STATUS &&
+ flt->opcode !=
+ get_unaligned((__u16 *)(skb->data + 4)))))
continue;
}
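Review bot: The two `get_unaligned()` reads at `skb->data + 3` and `skb->data + 4` fix the alignment fault, but they still assume the event is at least 5 bytes (Command Complete) or 6 bytes (Command Status) long, and no `skb->len` check is visible in this hunk. hci_send_to_sock() starts and ends outside the hunk, so the length may already be validated earlier; if it is not, a truncated event from the controller would make the filter compare against bytes past the packet data. I would test `skb->len < 5` and `skb->len < 6` respectively before each dereference and decide explicitly whether a short event is skipped or delivered, and add a comment such as `/* opcode follows evt, plen, ncmd (Command Complete) or evt, plen, status, ncmd (Command Status) */` so the magic offsets are explained. Separately, the cast stays `__u16 *`, so the comparison is against the raw on-the-wire bytes; it is worth confirming that `flt->opcode` is stored in the same byte order on big-endian hosts.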