From: Andrei Emeltchenko Date: Mon, 12 Mar 2012 10:13:07 +0000 (+0200) Subject: Bluetooth: Correct length calc in L2CAP conf rsp X-Git-Tag: firefly_0821_release~3680^2~2713^2~3^2~18^2^2~105 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=61386cba0fae4744b8e2f52c4911fe3af9ff6c54;p=firefly-linux-kernel-4.4.55.git Bluetooth: Correct length calc in L2CAP conf rsp cmd->len is in le format so convert it to host format before use. Signed-off-by: Andrei Emeltchenko Acked-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 7b8a88fd3b78..0914cca7b578 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -2957,14 +2957,14 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; u16 scid, flags, result; struct l2cap_chan *chan; - int len = cmd->len - sizeof(*rsp); + int len = le16_to_cpu(cmd->len) - sizeof(*rsp); scid = __le16_to_cpu(rsp->scid); flags = __le16_to_cpu(rsp->flags); result = __le16_to_cpu(rsp->result); - BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", - scid, flags, result); + BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x len %d", scid, flags, + result, len); chan = l2cap_get_chan_by_scid(conn, scid); if (!chan)