1 files changed, 15 insertions, 45 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 579f7261a7fe..45b7a4e5aa42 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -908,7 +908,7 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
        struct hci_dev *hdev;
        struct mgmt_cp_load_keys *cp;
        u16 key_count, expected_len;
-        int i, err;
+        int i;
        cp = (void *) data;
@@ -918,9 +918,9 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
        key_count = get_unaligned_le16(&cp->key_count);
        expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
-        if (expected_len > len) {
+        if (expected_len != len) {
-                BT_ERR("load_keys: expected at least %u bytes, got %u bytes",
+                BT_ERR("load_keys: expected %u bytes, got %u bytes",
-                                                        expected_len, len);
+                                                        len, expected_len);
                return -EINVAL;
        }
@@ -942,36 +942,17 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
        else
                clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
-        len -= sizeof(*cp);
+        for (i = 0; i < key_count; i++) {
-        i = 0;
+                struct mgmt_key_info *key = &cp->keys[i];
-        while (i < len) {
-                struct mgmt_key_info *key = (void *) cp->keys + i;
-                i += sizeof(*key) + key->dlen;
-                if (key->type == HCI_LK_SMP_LTK) {
-                        struct key_master_id *id = (void *) key->data;
-                        if (key->dlen != sizeof(struct key_master_id))
-                                continue;
-                        hci_add_ltk(hdev, 0, &key->bdaddr, key->pin_len,
-                                                id->ediv, id->rand, key->val);
-                        continue;
-                }
                hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
                                                                key->pin_len);
        }
-        err = cmd_complete(sk, index, MGMT_OP_LOAD_KEYS, NULL, 0);
        hci_dev_unlock_bh(hdev);
        hci_dev_put(hdev);
-        return err;
+        return 0;
 }
 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
@@ -2070,28 +2051,17 @@ int mgmt_connectable(u16 index, u8 connectable)
 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
 {
-        struct mgmt_ev_new_key *ev;
+        struct mgmt_ev_new_key ev;
-        int err, total;
-        total = sizeof(struct mgmt_ev_new_key) + key->dlen;
-        ev = kzalloc(total, GFP_ATOMIC);
-        if (!ev)
-                return -ENOMEM;
-        bacpy(&ev->key.bdaddr, &key->bdaddr);
-        ev->key.type = key->type;
-        memcpy(ev->key.val, key->val, 16);
-        ev->key.pin_len = key->pin_len;
-        ev->key.dlen = key->dlen;
-        ev->store_hint = persistent;
-        memcpy(ev->key.data, key->data, key->dlen);
-        err = mgmt_event(MGMT_EV_NEW_KEY, index, ev, total, NULL);
+        memset(&ev, 0, sizeof(ev));
-        kfree(ev);
+        ev.store_hint = persistent;
+        bacpy(&ev.key.bdaddr, &key->bdaddr);
+        ev.key.type = key->type;
+        memcpy(ev.key.val, key->val, 16);
+        ev.key.pin_len = key->pin_len;
-        return err;
+        return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
 }
 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)