evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()

Browse source 
it's OK after we'd verified the sockets, but not before that.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This commit is contained in:
Al Viro 2014-12-19 06:20:57 +00:00 committed by Marcel Holtmann
parent 004fa5ed08
commit 51bda2bca5
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
net/bluetooth/hidp/core.c
View file

@ -1314,13 +1314,14 @@ int hidp_connection_add(struct hidp_connadd_req *req,
{ {
struct hidp_session *session; struct hidp_session *session;
struct l2cap_conn *conn; struct l2cap_conn *conn;
struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan; struct l2cap_chan *chan;
int ret; int ret;
ret = hidp_verify_sockets(ctrl_sock, intr_sock); ret = hidp_verify_sockets(ctrl_sock, intr_sock);
if (ret) if (ret)
return ret; return ret;
chan = l2cap_pi(ctrl_sock->sk)->chan;
conn = NULL; conn = NULL;
l2cap_chan_lock(chan); l2cap_chan_lock(chan);
if (chan->conn) if (chan->conn)