Bluetooth: Fix potential bad memory access with sysfs files

[pandora-kernel.git] / net / bluetooth / sco.c

diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index dd8f6ec..967a751 100644 (file)
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -953,18 +953,29 @@ drop:
        return 0;
 }
 
-static ssize_t sco_sysfs_show(struct class *dev, char *buf)
+static ssize_t sco_sysfs_show(struct class *dev,
+                               struct class_attribute *attr,
+                               char *buf)
 {
        struct sock *sk;
        struct hlist_node *node;
        char *str = buf;
+       int size = PAGE_SIZE;
 
        read_lock_bh(&sco_sk_list.lock);
 
        sk_for_each(sk, node, &sco_sk_list.head) {
-               str += sprintf(str, "%s %s %d\n",
+               int len;
+
+               len = snprintf(str, size, "%s %s %d\n",
                                batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
                                sk->sk_state);
+
+               size -= len;
+               if (size <= 0)
+                       break;
+
+               str += len;
        }
 
        read_unlock_bh(&sco_sk_list.lock);