aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/hci_event.c10
-rw-r--r--net/bluetooth/mgmt.c16
2 files changed, 16 insertions, 10 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 2388f2c09887..4a2c919d5908 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1827,7 +1827,7 @@ static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1827 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp); 1827 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1828 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 1828 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1829 info->dev_class, 0, !name_known, ssp, NULL, 1829 info->dev_class, 0, !name_known, ssp, NULL,
1830 0); 1830 0, NULL, 0);
1831 } 1831 }
1832 1832
1833 hci_dev_unlock(hdev); 1833 hci_dev_unlock(hdev);
@@ -3102,7 +3102,7 @@ static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3102 false, &ssp); 3102 false, &ssp);
3103 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 3103 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3104 info->dev_class, info->rssi, 3104 info->dev_class, info->rssi,
3105 !name_known, ssp, NULL, 0); 3105 !name_known, ssp, NULL, 0, NULL, 0);
3106 } 3106 }
3107 } else { 3107 } else {
3108 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 3108 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
@@ -3120,7 +3120,7 @@ static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3120 false, &ssp); 3120 false, &ssp);
3121 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 3121 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3122 info->dev_class, info->rssi, 3122 info->dev_class, info->rssi,
3123 !name_known, ssp, NULL, 0); 3123 !name_known, ssp, NULL, 0, NULL, 0);
3124 } 3124 }
3125 } 3125 }
3126 3126
@@ -3309,7 +3309,7 @@ static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3309 eir_len = eir_get_length(info->data, sizeof(info->data)); 3309 eir_len = eir_get_length(info->data, sizeof(info->data));
3310 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 3310 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3311 info->dev_class, info->rssi, !name_known, 3311 info->dev_class, info->rssi, !name_known,
3312 ssp, info->data, eir_len); 3312 ssp, info->data, eir_len, NULL, 0);
3313 } 3313 }
3314 3314
3315 hci_dev_unlock(hdev); 3315 hci_dev_unlock(hdev);
@@ -3972,7 +3972,7 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
3972 } 3972 }
3973 3973
3974 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL, rssi, 0, 1, 3974 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL, rssi, 0, 1,
3975 data, len); 3975 data, len, NULL, 0);
3976} 3976}
3977 3977
3978static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) 3978static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index d2d4e0d5aed0..a0ef5c076880 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -5669,7 +5669,8 @@ void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5669 5669
5670void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 5670void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5671 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8 5671 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5672 ssp, u8 *eir, u16 eir_len) 5672 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5673 u8 scan_rsp_len)
5673{ 5674{
5674 char buf[512]; 5675 char buf[512];
5675 struct mgmt_ev_device_found *ev = (void *) buf; 5676 struct mgmt_ev_device_found *ev = (void *) buf;
@@ -5679,8 +5680,10 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5679 if (!hci_discovery_active(hdev)) 5680 if (!hci_discovery_active(hdev))
5680 return; 5681 return;
5681 5682
5682 /* Leave 5 bytes for a potential CoD field */ 5683 /* Make sure that the buffer is big enough. The 5 extra bytes
5683 if (sizeof(*ev) + eir_len + 5 > sizeof(buf)) 5684 * are for the potential CoD field.
5685 */
5686 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
5684 return; 5687 return;
5685 5688
5686 memset(buf, 0, sizeof(buf)); 5689 memset(buf, 0, sizeof(buf));
@@ -5707,8 +5710,11 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5707 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 5710 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
5708 dev_class, 3); 5711 dev_class, 3);
5709 5712
5710 ev->eir_len = cpu_to_le16(eir_len); 5713 if (scan_rsp_len > 0)
5711 ev_size = sizeof(*ev) + eir_len; 5714 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5715
5716 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5717 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
5712 5718
5713 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 5719 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
5714} 5720}