From: Johan Hedberg <johan.hedberg@intel.com>
Date: Tue, 28 May 2013 10:46:30 +0000 (+0300)
Subject: Bluetooth: Fix missing length checks for L2CAP signalling PDUs
X-Git-Tag: v3.2.47~17
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90647b580ec248f93a3b8dceb4bcc4ca6dc325d3;p=pandora-kernel.git

Bluetooth: Fix missing length checks for L2CAP signalling PDUs

commit cb3b3152b2f5939d67005cff841a1ca748b19888 upstream.

There has been code in place to check that the L2CAP length header
matches the amount of data received, but many PDU handlers have not been
checking that the data received actually matches that expected by the
specific PDU. This patch adds passing the length header to the specific
handler functions and ensures that those functions fail cleanly in the
case of an incorrect amount of data.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
[bwh: Backported to 3.2:
 - Adjust context
 - Move uses of *req below the new check in l2cap_connect_req]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---

Reading git-diff-tree failed