summaryrefslogtreecommitdiff
path: root/net/bluetooth
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2016-04-16 15:30:54 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2016-04-16 15:30:54 -0300
commitbdcfd44fb5b5fb8fd660e7f93f1095c507481024 (patch)
treee423b07154d422b711ddfadedb87c43317d3c4f6 /net/bluetooth
parent4a327fcef90ba27150a3e8741441b68c605ae248 (diff)
Linux-libre 4.5.1-gnupck-4.5.1-gnu
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/mgmt.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 5a5089cb6..1363b8ffd 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -5979,6 +5979,10 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev,
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
MGMT_STATUS_INVALID_PARAMS);
+ if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
+ return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
+ MGMT_STATUS_INVALID_PARAMS);
+
flags = __le32_to_cpu(cp->flags);
timeout = __le16_to_cpu(cp->timeout);
duration = __le16_to_cpu(cp->duration);