Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4498c80d authored by David S. Miller's avatar David S. Miller
Browse files

[BLUETOOTH]: Fix unaligned access in hci_send_to_sock. 



The "u16 *" derefs of skb->data need to be wrapped inside of
a get_unaligned().

Thanks to Gustavo Zacarias for the bug report.

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 785fd8b8

net/bluetooth/hci_sock.c

+7 −4
Original line number Diff line number Diff line
@@ -120,10 +120,13 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb) 
			if (!hci_test_bit(evt, &flt->event_mask))

				continue;



			if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE && 

					flt->opcode != *(__u16 *)(skb->data + 3)) ||

			if (flt->opcode &&

			    ((evt == HCI_EV_CMD_COMPLETE &&

			      flt->opcode !=

			      get_unaligned((__u16 *)(skb->data + 3))) ||

			     (evt == HCI_EV_CMD_STATUS &&

					flt->opcode != *(__u16 *)(skb->data + 4))))

			      flt->opcode !=

			      get_unaligned((__u16 *)(skb->data + 4)))))

				continue;

		}