bluetooth: Validate socket address length in sco_sock_bind(). Change-Id: I890640975f1af64f71947b6a1820249e08f6375b Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 571fe30245747cb853ba3628365a0a00729b72c6 [log] [tgz]
author: David S. Miller <davem@davemloft.net> Tue Dec 15 15:39:08 2015 -0500
committer: chrmhoffmann <chrmhoffmann@gmail.com> Sat Aug 12 17:58:28 2017 +0200
tree: 45bab15c30b6e0e655c42f11faef45972eed4101
parent: 9f418e456b2646e1b0c7afda9a6b2730477ef6a9 [diff]
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 3170190..d214aa4 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c

@@ -499,6 +499,9 @@
 	if (!addr || addr->sa_family != AF_BLUETOOTH)
 		return -EINVAL;
 
+	if (alen < sizeof(struct sockaddr_sco))
+		return -EINVAL;
+
 	memset(&sa, 0, sizeof(sa));
 	len = min_t(unsigned int, sizeof(sa), alen);
 	memcpy(&sa, addr, len);
commit	571fe30245747cb853ba3628365a0a00729b72c6	[log] [tgz]
author	David S. Miller <davem@davemloft.net>	Tue Dec 15 15:39:08 2015 -0500
committer	chrmhoffmann <chrmhoffmann@gmail.com>	Sat Aug 12 17:58:28 2017 +0200
tree	45bab15c30b6e0e655c42f11faef45972eed4101
parent	9f418e456b2646e1b0c7afda9a6b2730477ef6a9 [diff]