diff options
author | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2021-12-13 22:38:57 +0100 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2021-12-22 23:01:28 +0100 |
commit | fee645033e2c57fdbd8bace4d5ddc2b18bc4032a (patch) | |
tree | fd940cbc760705ffa170dd2342ce188489c15dbd /net | |
parent | Bluetooth: hci_sync: Push sync command cancellation to workqueue (diff) | |
download | linux-fee645033e2c57fdbd8bace4d5ddc2b18bc4032a.tar.xz linux-fee645033e2c57fdbd8bace4d5ddc2b18bc4032a.zip |
Bluetooth: hci_event: Use skb_pull_data when processing inquiry results
This makes each result entry to be checked using skb_pull_data instead
of acessing them by index.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/hci_event.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index c15289b59c3c..240bffeca170 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -4531,7 +4531,15 @@ static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, void *edata, for (i = 0; i < ev->res2->num; i++) { u32 flags; - info = &ev->res2->info[i]; + info = hci_ev_skb_pull(hdev, skb, + HCI_EV_INQUIRY_RESULT_WITH_RSSI, + sizeof(*info)); + if (!info) { + bt_dev_err(hdev, "Malformed HCI Event: 0x%2.2x", + HCI_EV_INQUIRY_RESULT_WITH_RSSI); + return; + } + bacpy(&data.bdaddr, &info->bdaddr); data.pscan_rep_mode = info->pscan_rep_mode; data.pscan_period_mode = info->pscan_period_mode; @@ -4553,7 +4561,15 @@ static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, void *edata, for (i = 0; i < ev->res1->num; i++) { u32 flags; - info = &ev->res1->info[i]; + info = hci_ev_skb_pull(hdev, skb, + HCI_EV_INQUIRY_RESULT_WITH_RSSI, + sizeof(*info)); + if (!info) { + bt_dev_err(hdev, "Malformed HCI Event: 0x%2.2x", + HCI_EV_INQUIRY_RESULT_WITH_RSSI); + return; + } + bacpy(&data.bdaddr, &info->bdaddr); data.pscan_rep_mode = info->pscan_rep_mode; data.pscan_period_mode = info->pscan_period_mode; |