bluetooth: Validate socket address length in sco_sock_bind(). Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 5233252fce714053f0151680933571a2da9cbfb4 [log] [tgz]
author: David S. Miller <davem@davemloft.net> Tue Dec 15 15:39:08 2015 -0500
committer: David S. Miller <davem@davemloft.net> Tue Dec 15 15:39:08 2015 -0500
tree: 6e9fc25f2484e14db4f241f49965d865188ef146
parent: 225734de70cd0a9e0b978f3583a4a87939271d5e [diff] [blame]
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index fe12966..f52bcbf 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c

@@ -526,6 +526,9 @@
 	if (!addr || addr->sa_family != AF_BLUETOOTH)
 		return -EINVAL;
 
+	if (addr_len < sizeof(struct sockaddr_sco))
+		return -EINVAL;
+
 	lock_sock(sk);
 
 	if (sk->sk_state != BT_OPEN) {
commit	5233252fce714053f0151680933571a2da9cbfb4	[log] [tgz]
author	David S. Miller <davem@davemloft.net>	Tue Dec 15 15:39:08 2015 -0500
committer	David S. Miller <davem@davemloft.net>	Tue Dec 15 15:39:08 2015 -0500
tree	6e9fc25f2484e14db4f241f49965d865188ef146
parent	225734de70cd0a9e0b978f3583a4a87939271d5e [diff] [blame]