diff options
author | steven miao <realmz6@gmail.com> | 2010-10-16 18:29:47 -0400 |
---|---|---|
committer | Gustavo F. Padovan <padovan@profusion.mobi> | 2010-11-08 21:56:00 -0500 |
commit | bfaaeb3ed5533a2dd38e3aa9ea43efd619690aed (patch) | |
tree | 8a7a46f99f20d8a637e1867b6309c3e6b88f47da /net | |
parent | 556ea928f78a390fe16ae584e6433dff304d3014 (diff) |
Bluetooth: fix unaligned access to l2cap conf data
In function l2cap_get_conf_opt() and l2cap_add_conf_opt() the address of
opt->val sometimes is not at the edge of 2-bytes/4-bytes, so 2-bytes/4 bytes
access will cause data misalignment exeception. Use get_unaligned_le16/32
and put_unaligned_le16/32 function to avoid data misalignment execption.
Signed-off-by: steven miao <realmz6@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/l2cap.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index daa7a988d9a6..b3fb02ab2292 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c | |||
@@ -2421,11 +2421,11 @@ static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned | |||
2421 | break; | 2421 | break; |
2422 | 2422 | ||
2423 | case 2: | 2423 | case 2: |
2424 | *val = __le16_to_cpu(*((__le16 *) opt->val)); | 2424 | *val = get_unaligned_le16(opt->val); |
2425 | break; | 2425 | break; |
2426 | 2426 | ||
2427 | case 4: | 2427 | case 4: |
2428 | *val = __le32_to_cpu(*((__le32 *) opt->val)); | 2428 | *val = get_unaligned_le32(opt->val); |
2429 | break; | 2429 | break; |
2430 | 2430 | ||
2431 | default: | 2431 | default: |
@@ -2452,11 +2452,11 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val) | |||
2452 | break; | 2452 | break; |
2453 | 2453 | ||
2454 | case 2: | 2454 | case 2: |
2455 | *((__le16 *) opt->val) = cpu_to_le16(val); | 2455 | put_unaligned_le16(cpu_to_le16(val), opt->val); |
2456 | break; | 2456 | break; |
2457 | 2457 | ||
2458 | case 4: | 2458 | case 4: |
2459 | *((__le32 *) opt->val) = cpu_to_le32(val); | 2459 | put_unaligned_le32(cpu_to_le32(val), opt->val); |
2460 | break; | 2460 | break; |
2461 | 2461 | ||
2462 | default: | 2462 | default: |