Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f6e623a6 authored by Johann Felix Soden's avatar Johann Felix Soden Committed by Marcel Holtmann
Browse files

Bluetooth: Fix out of scope variable access in hci_sock_cmsg() 



The pointer data can point to the variable ctv.
Access to data happens when ctv is already out of scope.

Signed-off-by: default avatarJohann Felix Soden <johfel@users.sourceforge.net>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 705e5711

net/bluetooth/hci_sock.c

+3 −1
Original line number Diff line number Diff line
@@ -329,6 +329,9 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_ 
	}



	if (mask & HCI_CMSG_TSTAMP) {

#ifdef CONFIG_COMPAT

		struct compat_timeval ctv;

#endif

		struct timeval tv;

		void *data;

		int len;
@@ -339,7 +342,6 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_ 
		len = sizeof(tv);

#ifdef CONFIG_COMPAT

		if (msg->msg_flags & MSG_CMSG_COMPAT) {

			struct compat_timeval ctv;

			ctv.tv_sec = tv.tv_sec;

			ctv.tv_usec = tv.tv_usec;

			data = &ctv;