Commit f6e623a6 authored by Johann Felix Soden's avatar Johann Felix Soden Committed by Marcel Holtmann

Bluetooth: Fix out of scope variable access in hci_sock_cmsg()

The pointer data can point to the variable ctv.
Access to data happens when ctv is already out of scope.
Signed-off-by: default avatarJohann Felix Soden <johfel@users.sourceforge.net>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 705e5711
...@@ -329,6 +329,9 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_ ...@@ -329,6 +329,9 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_
} }
if (mask & HCI_CMSG_TSTAMP) { if (mask & HCI_CMSG_TSTAMP) {
#ifdef CONFIG_COMPAT
struct compat_timeval ctv;
#endif
struct timeval tv; struct timeval tv;
void *data; void *data;
int len; int len;
...@@ -339,7 +342,6 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_ ...@@ -339,7 +342,6 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_
len = sizeof(tv); len = sizeof(tv);
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
if (msg->msg_flags & MSG_CMSG_COMPAT) { if (msg->msg_flags & MSG_CMSG_COMPAT) {
struct compat_timeval ctv;
ctv.tv_sec = tv.tv_sec; ctv.tv_sec = tv.tv_sec;
ctv.tv_usec = tv.tv_usec; ctv.tv_usec = tv.tv_usec;
data = &ctv; data = &ctv;
......
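Review bot: The `ctv` declaration hoisted to the top of the `HCI_CMSG_TSTAMP` block carries no comment explaining why it lives outside the `MSG_CMSG_COMPAT` branch, so a later tidy-up could move it back next to its only assignments and reintroduce the dangling `data = &ctv`. I would add `/* ctv must outlive the compat branch: data may still point at it when the cmsg is emitted */` directly above `struct compat_timeval ctv;`. The consumer of `data` is outside both hunks, so this is inferred from the commit message. If `data` is copied into a control message for user space, as the function name suggests, reading it after the lifetime of `ctv` has ended is undefined behaviour and could expose whatever reused that stack slot. The body of `hci_sock_cmsg` starts before the first hunk and ends after the second.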