summaryrefslogtreecommitdiffstats
path: root/net/bluetooth/rfcomm
diff options
context:
space:
mode:
authorChangli Gao <xiaosuo@gmail.com>2010-03-31 22:58:26 +0000
committerDavid S. Miller <davem@davemloft.net>2010-04-01 17:26:01 -0700
commit6503d96168f891ffa3b70ae6c9698a1a722025a0 (patch)
tree9fafcd9eb2c0b3feda0cf4c36e4167ba3028d83a /net/bluetooth/rfcomm
parenta1d6f3f65512cc90a636e6ec653b7bc9e2238753 (diff)
downloadlinux-6503d96168f891ffa3b70ae6c9698a1a722025a0.tar.gz
linux-6503d96168f891ffa3b70ae6c9698a1a722025a0.tar.bz2
linux-6503d96168f891ffa3b70ae6c9698a1a722025a0.zip
net: check the length of the socket address passed to connect(2)
check the length of the socket address passed to connect(2). Check the length of the socket address passed to connect(2). If the length is invalid, -EINVAL will be returned. Signed-off-by: Changli Gao <xiaosuo@gmail.com> ---- net/bluetooth/l2cap.c | 3 ++- net/bluetooth/rfcomm/sock.c | 3 ++- net/bluetooth/sco.c | 3 ++- net/can/bcm.c | 3 +++ net/ieee802154/af_ieee802154.c | 3 +++ net/ipv4/af_inet.c | 5 +++++ net/netlink/af_netlink.c | 3 +++ 7 files changed, 20 insertions(+), 3 deletions(-) Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth/rfcomm')
-rw-r--r--net/bluetooth/rfcomm/sock.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 7f439765403d..8ed3c37684fa 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -397,7 +397,8 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a
BT_DBG("sk %p", sk);
- if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
+ if (alen < sizeof(struct sockaddr_rc) ||
+ addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
lock_sock(sk);