diff options
Diffstat (limited to 'net/bluetooth')
-rw-r--r-- | net/bluetooth/l2cap.c | 3 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/sock.c | 3 | ||||
-rw-r--r-- | net/bluetooth/sco.c | 3 |
3 files changed, 6 insertions, 3 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 7794a2e2adce..99d68c34e4f1 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c | |||
@@ -1002,7 +1002,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al | |||
1002 | 1002 | ||
1003 | BT_DBG("sk %p", sk); | 1003 | BT_DBG("sk %p", sk); |
1004 | 1004 | ||
1005 | if (!addr || addr->sa_family != AF_BLUETOOTH) | 1005 | if (!addr || alen < sizeof(addr->sa_family) || |
1006 | addr->sa_family != AF_BLUETOOTH) | ||
1006 | return -EINVAL; | 1007 | return -EINVAL; |
1007 | 1008 | ||
1008 | memset(&la, 0, sizeof(la)); | 1009 | memset(&la, 0, sizeof(la)); |
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index 7f439765403d..8ed3c37684fa 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
@@ -397,7 +397,8 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a | |||
397 | 397 | ||
398 | BT_DBG("sk %p", sk); | 398 | BT_DBG("sk %p", sk); |
399 | 399 | ||
400 | if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) | 400 | if (alen < sizeof(struct sockaddr_rc) || |
401 | addr->sa_family != AF_BLUETOOTH) | ||
401 | return -EINVAL; | 402 | return -EINVAL; |
402 | 403 | ||
403 | lock_sock(sk); | 404 | lock_sock(sk); |
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index e5b16b76b22e..ca6b2ad1c3fc 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
@@ -499,7 +499,8 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen | |||
499 | 499 | ||
500 | BT_DBG("sk %p", sk); | 500 | BT_DBG("sk %p", sk); |
501 | 501 | ||
502 | if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_sco)) | 502 | if (alen < sizeof(struct sockaddr_sco) || |
503 | addr->sa_family != AF_BLUETOOTH) | ||
503 | return -EINVAL; | 504 | return -EINVAL; |
504 | 505 | ||
505 | if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) | 506 | if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) |