diff options
| author | Johann Felix Soden <johfel@users.sourceforge.net> | 2010-02-15 16:23:48 -0500 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2010-02-28 03:47:30 -0500 |
| commit | f6e623a65cb301088bd04794043e82bfc996c512 (patch) | |
| tree | a21946f9190a137875071125c6125d5f8c14efbd /net/bluetooth/hci_sock.c | |
| parent | 705e5711b61e9622b2d88850f38c219014aa0780 (diff) | |
Bluetooth: Fix out of scope variable access in hci_sock_cmsg()
The pointer data can point to the variable ctv.
Access to data happens when ctv is already out of scope.
Signed-off-by: Johann Felix Soden <johfel@users.sourceforge.net>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth/hci_sock.c')
| -rw-r--r-- | net/bluetooth/hci_sock.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index 688cfebfbee0..38f08f6b86f6 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c | |||
| @@ -329,6 +329,9 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_ | |||
| 329 | } | 329 | } |
| 330 | 330 | ||
| 331 | if (mask & HCI_CMSG_TSTAMP) { | 331 | if (mask & HCI_CMSG_TSTAMP) { |
| 332 | #ifdef CONFIG_COMPAT | ||
| 333 | struct compat_timeval ctv; | ||
| 334 | #endif | ||
| 332 | struct timeval tv; | 335 | struct timeval tv; |
| 333 | void *data; | 336 | void *data; |
| 334 | int len; | 337 | int len; |
| @@ -339,7 +342,6 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_ | |||
| 339 | len = sizeof(tv); | 342 | len = sizeof(tv); |
| 340 | #ifdef CONFIG_COMPAT | 343 | #ifdef CONFIG_COMPAT |
| 341 | if (msg->msg_flags & MSG_CMSG_COMPAT) { | 344 | if (msg->msg_flags & MSG_CMSG_COMPAT) { |
| 342 | struct compat_timeval ctv; | ||
| 343 | ctv.tv_sec = tv.tv_sec; | 345 | ctv.tv_sec = tv.tv_sec; |
| 344 | ctv.tv_usec = tv.tv_usec; | 346 | ctv.tv_usec = tv.tv_usec; |
| 345 | data = &ctv; | 347 | data = &ctv; |