diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/hci_event.c | 10 | ||||
-rw-r--r-- | net/bluetooth/mgmt.c | 16 |
2 files changed, 16 insertions, 10 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 2388f2c09887..4a2c919d5908 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -1827,7 +1827,7 @@ static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1827 | name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp); | 1827 | name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp); |
1828 | mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, | 1828 | mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, |
1829 | info->dev_class, 0, !name_known, ssp, NULL, | 1829 | info->dev_class, 0, !name_known, ssp, NULL, |
1830 | 0); | 1830 | 0, NULL, 0); |
1831 | } | 1831 | } |
1832 | 1832 | ||
1833 | hci_dev_unlock(hdev); | 1833 | hci_dev_unlock(hdev); |
@@ -3102,7 +3102,7 @@ static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, | |||
3102 | false, &ssp); | 3102 | false, &ssp); |
3103 | mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, | 3103 | mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, |
3104 | info->dev_class, info->rssi, | 3104 | info->dev_class, info->rssi, |
3105 | !name_known, ssp, NULL, 0); | 3105 | !name_known, ssp, NULL, 0, NULL, 0); |
3106 | } | 3106 | } |
3107 | } else { | 3107 | } else { |
3108 | struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); | 3108 | struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); |
@@ -3120,7 +3120,7 @@ static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, | |||
3120 | false, &ssp); | 3120 | false, &ssp); |
3121 | mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, | 3121 | mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, |
3122 | info->dev_class, info->rssi, | 3122 | info->dev_class, info->rssi, |
3123 | !name_known, ssp, NULL, 0); | 3123 | !name_known, ssp, NULL, 0, NULL, 0); |
3124 | } | 3124 | } |
3125 | } | 3125 | } |
3126 | 3126 | ||
@@ -3309,7 +3309,7 @@ static void hci_extended_inquiry_result_evt(struct hci_dev *hdev, | |||
3309 | eir_len = eir_get_length(info->data, sizeof(info->data)); | 3309 | eir_len = eir_get_length(info->data, sizeof(info->data)); |
3310 | mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, | 3310 | mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, |
3311 | info->dev_class, info->rssi, !name_known, | 3311 | info->dev_class, info->rssi, !name_known, |
3312 | ssp, info->data, eir_len); | 3312 | ssp, info->data, eir_len, NULL, 0); |
3313 | } | 3313 | } |
3314 | 3314 | ||
3315 | hci_dev_unlock(hdev); | 3315 | hci_dev_unlock(hdev); |
@@ -3972,7 +3972,7 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, | |||
3972 | } | 3972 | } |
3973 | 3973 | ||
3974 | mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL, rssi, 0, 1, | 3974 | mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL, rssi, 0, 1, |
3975 | data, len); | 3975 | data, len, NULL, 0); |
3976 | } | 3976 | } |
3977 | 3977 | ||
3978 | static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) | 3978 | static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) |
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index d2d4e0d5aed0..a0ef5c076880 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
@@ -5669,7 +5669,8 @@ void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192, | |||
5669 | 5669 | ||
5670 | void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, | 5670 | void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, |
5671 | u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8 | 5671 | u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8 |
5672 | ssp, u8 *eir, u16 eir_len) | 5672 | ssp, u8 *eir, u16 eir_len, u8 *scan_rsp, |
5673 | u8 scan_rsp_len) | ||
5673 | { | 5674 | { |
5674 | char buf[512]; | 5675 | char buf[512]; |
5675 | struct mgmt_ev_device_found *ev = (void *) buf; | 5676 | struct mgmt_ev_device_found *ev = (void *) buf; |
@@ -5679,8 +5680,10 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, | |||
5679 | if (!hci_discovery_active(hdev)) | 5680 | if (!hci_discovery_active(hdev)) |
5680 | return; | 5681 | return; |
5681 | 5682 | ||
5682 | /* Leave 5 bytes for a potential CoD field */ | 5683 | /* Make sure that the buffer is big enough. The 5 extra bytes |
5683 | if (sizeof(*ev) + eir_len + 5 > sizeof(buf)) | 5684 | * are for the potential CoD field. |
5685 | */ | ||
5686 | if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) | ||
5684 | return; | 5687 | return; |
5685 | 5688 | ||
5686 | memset(buf, 0, sizeof(buf)); | 5689 | memset(buf, 0, sizeof(buf)); |
@@ -5707,8 +5710,11 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, | |||
5707 | eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, | 5710 | eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, |
5708 | dev_class, 3); | 5711 | dev_class, 3); |
5709 | 5712 | ||
5710 | ev->eir_len = cpu_to_le16(eir_len); | 5713 | if (scan_rsp_len > 0) |
5711 | ev_size = sizeof(*ev) + eir_len; | 5714 | memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); |
5715 | |||
5716 | ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); | ||
5717 | ev_size = sizeof(*ev) + eir_len + scan_rsp_len; | ||
5712 | 5718 | ||
5713 | mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); | 5719 | mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); |
5714 | } | 5720 | } |