Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-11 14:42:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bluetooth: Refactor read_ext_controller_info handler

Browse Source 
There is no need to allocate heap for reply only to copy stack data to
it. This also fix rp memory leak and missing hdev unlock if kmalloc
failed.

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This commit is contained in:
Szymon Janc 2016-09-19 20:25:52 +02:00 committed by Marcel Holtmann
parent 162f812f23
commit 7d5c11da1f
1 changed files with 19 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
net/bluetooth/mgmt.c
View File

@ -881,35 +881,17 @@ static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
void *data, u16 data_len)
{
struct mgmt_rp_read_ext_info *rp;
char buff[512];
char buf[512];
struct mgmt_rp_read_ext_info *rp = (void *)buf;
u16 eir_len = 0;
u8 name_len;
size_t name_len;
BT_DBG("sock %p %s", sk, hdev->name);
memset(&buf, 0, sizeof(buf));
hci_dev_lock(hdev);
if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
eir_len = eir_append_data(buff, eir_len,
EIR_CLASS_OF_DEV,
hdev->dev_class, 3);
name_len = strlen(hdev->dev_name);
eir_len = eir_append_data(buff, eir_len, EIR_NAME_COMPLETE,
hdev->dev_name, name_len);
name_len = strlen(hdev->short_name);
eir_len = eir_append_data(buff, eir_len, EIR_NAME_SHORT,
hdev->short_name, name_len);
rp = kzalloc(sizeof(*rp) + eir_len, GFP_KERNEL);
if (!rp)
return -ENOMEM;
rp->eir_len = cpu_to_le16(eir_len);
memcpy(rp->eir, buff, eir_len);
bacpy(&rp->bdaddr, &hdev->bdaddr);
rp->version = hdev->hci_ver;
@ -918,6 +900,20 @@ static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
rp->current_settings = cpu_to_le32(get_current_settings(hdev));
if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
hdev->dev_class, 3);
name_len = strlen(hdev->dev_name);
eir_len = eir_append_data(rp->eir, eir_len, EIR_NAME_COMPLETE,
hdev->dev_name, name_len);
name_len = strlen(hdev->short_name);
eir_len = eir_append_data(rp->eir, eir_len, EIR_NAME_SHORT,
hdev->short_name, name_len);
rp->eir_len = cpu_to_le16(eir_len);
hci_dev_unlock(hdev);
/* If this command is called at least once, then the events