aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/l2cap.c
diff options
context:
space:
mode:
authorGustavo F. Padovan <padovan@profusion.mobi>2010-05-01 15:15:40 -0400
committerMarcel Holtmann <marcel@holtmann.org>2010-05-10 03:28:49 -0400
commit052897ca5019d9157ae09e5e84eee2a9ef5dccc6 (patch)
treee236a9c5b6559f31c69c9b5e6fa02dbd70294ad6 /net/bluetooth/l2cap.c
parent10467e9e9b89272b25b56688bb276d0830e9ab9a (diff)
Bluetooth: Check the SDU size against the MTU value
If the SDU size is greater than the MTU something is wrong, so report an error. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> [jprvita@profusion.mobi: set err to appropriate errno value] Signed-off-by: João Paulo Rechi Vita <jprvita@profusion.mobi> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth/l2cap.c')
-rw-r--r--net/bluetooth/l2cap.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 0889949b6896..e936913c921e 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3338,6 +3338,11 @@ static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 co
3338 pi->sdu_len = get_unaligned_le16(skb->data); 3338 pi->sdu_len = get_unaligned_le16(skb->data);
3339 skb_pull(skb, 2); 3339 skb_pull(skb, 2);
3340 3340
3341 if (pi->sdu_len > pi->imtu) {
3342 err = -EMSGSIZE;
3343 break;
3344 }
3345
3341 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC); 3346 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3342 if (!pi->sdu) { 3347 if (!pi->sdu) {
3343 err = -ENOMEM; 3348 err = -ENOMEM;