Diffstat (limited to 'net/bluetooth/rfcomm/sock.c')
-rw-r--r--net/bluetooth/rfcomm/sock.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 825e8fb5114b..f9e9a8148a43 100644
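--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -334,16 +334,19 @@ static int rfcomm_sock_create(struct net *net, struct socket *sock,
 
 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
 {
- struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
+ struct sockaddr_rc sa;
  struct sock *sk = sock->sk;
- int chan = sa->rc_channel;
- int err = 0;
-
- BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr);
+ int len, err = 0;
 
  if (!addr || addr->sa_family != AF_BLUETOOTH)
  return -EINVAL;
 
+ memset(&sa, 0, sizeof(sa));
+ len = min_t(unsigned int, sizeof(sa), addr_len);
+ memcpy(&sa, addr, len);
+
+ BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
+
  lock_sock(sk);
 
  if (sk->sk_state != BT_OPEN) {
@@ -358,12 +361,13 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
 
  write_lock(&rfcomm_sk_list.lock);
 
- if (chan && __rfcomm_get_listen_sock_by_addr(chan, &sa->rc_bdaddr)) {
+ if (sa.rc_channel &&
+ __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
  err = -EADDRINUSE;
  } else {
  /* Save source address */
- bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr);
- rfcomm_pi(sk)->channel = chan;
+ bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
+ rfcomm_pi(sk)->channel = sa.rc_channel;
  sk->sk_state = BT_BOUND;
  }
 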
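Review bot: The family check at new line 341 still reads `addr->sa_family` before `addr_len` is looked at, so a caller that passes a length shorter than the family field has that field read from bytes it never supplied; the new `min_t()` clamp only bounds the later `memcpy()`. Consider `if (!addr || addr_len < (int)sizeof(addr->sa_family) || addr->sa_family != AF_BLUETOOTH)` so the length is validated first. A short but non-empty address is also accepted silently: the zero-filled `sa` then yields channel 0 and an all-zero `rc_bdaddr`, which may deserve `-EINVAL` or a comment stating that the padding is intentional. Whether the caller already constrains `addr_len` is not visible here, and the body of rfcomm_sock_bind continues between and after the two hunks.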