diff options
Diffstat (limited to 'net/bluetooth/rfcomm/sock.c')
-rw-r--r-- | net/bluetooth/rfcomm/sock.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index 825e8fb5114b..f9e9a8148a43 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
@@ -334,16 +334,19 @@ static int rfcomm_sock_create(struct net *net, struct socket *sock, | |||
334 | 334 | ||
335 | static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) | 335 | static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) |
336 | { | 336 | { |
337 | struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; | 337 | struct sockaddr_rc sa; |
338 | struct sock *sk = sock->sk; | 338 | struct sock *sk = sock->sk; |
339 | int chan = sa->rc_channel; | 339 | int len, err = 0; |
340 | int err = 0; | ||
341 | |||
342 | BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr); | ||
343 | 340 | ||
344 | if (!addr || addr->sa_family != AF_BLUETOOTH) | 341 | if (!addr || addr->sa_family != AF_BLUETOOTH) |
345 | return -EINVAL; | 342 | return -EINVAL; |
346 | 343 | ||
344 | memset(&sa, 0, sizeof(sa)); | ||
345 | len = min_t(unsigned int, sizeof(sa), addr_len); | ||
346 | memcpy(&sa, addr, len); | ||
347 | |||
348 | BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); | ||
349 | |||
347 | lock_sock(sk); | 350 | lock_sock(sk); |
348 | 351 | ||
349 | if (sk->sk_state != BT_OPEN) { | 352 | if (sk->sk_state != BT_OPEN) { |
@@ -358,12 +361,13 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr | |||
358 | 361 | ||
359 | write_lock(&rfcomm_sk_list.lock); | 362 | write_lock(&rfcomm_sk_list.lock); |
360 | 363 | ||
361 | if (chan && __rfcomm_get_listen_sock_by_addr(chan, &sa->rc_bdaddr)) { | 364 | if (sa.rc_channel && |
365 | __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) { | ||
362 | err = -EADDRINUSE; | 366 | err = -EADDRINUSE; |
363 | } else { | 367 | } else { |
364 | /* Save source address */ | 368 | /* Save source address */ |
365 | bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr); | 369 | bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr); |
366 | rfcomm_pi(sk)->channel = chan; | 370 | rfcomm_pi(sk)->channel = sa.rc_channel; |
367 | sk->sk_state = BT_BOUND; | 371 | sk->sk_state = BT_BOUND; |
368 | } | 372 | } |
369 | 373 | ||