Bluetooth: Fix potential bad memory access with sysfs files

[pandora-kernel.git] / net / bluetooth / l2cap.c

diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 400efa2..2755182 100644 (file)
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3937,21 +3937,31 @@ drop:
        return 0;
 }
 
-static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
+static ssize_t l2cap_sysfs_show(struct class *dev,
+                               struct class_attribute *attr,
+                               char *buf)
 {
        struct sock *sk;
        struct hlist_node *node;
        char *str = buf;
+       int size = PAGE_SIZE;
 
        read_lock_bh(&l2cap_sk_list.lock);
 
        sk_for_each(sk, node, &l2cap_sk_list.head) {
                struct l2cap_pinfo *pi = l2cap_pi(sk);
+               int len;
 
-               str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
+               len = snprintf(str, size, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
                                batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
                                sk->sk_state, __le16_to_cpu(pi->psm), pi->scid,
                                pi->dcid, pi->imtu, pi->omtu, pi->sec_level);
+
+               size -= len;
+               if (size <= 0)
+                       break;
+
+               str += len;
        }
 
        read_unlock_bh(&l2cap_sk_list.lock);