[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bluetooth-dev] Bug in latest openbt code ( * $Id: bluetooth.c,v 1.237 2003/02/06 15:36:20 anderstj )



Around line 736 in Bluetooth.c:

        case BTREADREMOTENAME:

              {

                           u8 remote_name[BT_NAME_LENGTH];

                           s32 line;

                u32 length;

                           s32 con_hdl;

 

                BT_DRIVER(__FUNCTION__ ": BTREADREMOTENAME\n");

 

                           memset(remote_name, 0, BT_NAME_LENGTH);

 

                           copy_from_user(&line, (s32*)arg, sizeof line);

                           copy_from_user(&length, (s32*)arg + 1, sizeof length);

 

                           con_hdl = bt_get_conhdl_from_line(line);

                           if(con_hdl >= 0) {

***              err = get_remote_name(con_hdl, remote_name, length);

                } else {

                                         err = -EINVAL;

                           }

***                      copy_to_user((s32*)arg, remote_name, BT_NAME_LENGTH);

                           return err;

              }

 

should read

 

        case BTREADREMOTENAME:

              {

                           u8 remote_name[BT_NAME_LENGTH];

                           s32 line;

                u32 length;

                           s32 con_hdl;

 

                BT_DRIVER(__FUNCTION__ ": BTREADREMOTENAME\n");

 

                           memset(remote_name, 0, BT_NAME_LENGTH);

 

                           copy_from_user(&line, (s32*)arg, sizeof line);

                           copy_from_user(&length, (s32*)arg + 1, sizeof length);

 

                           con_hdl = bt_get_conhdl_from_line(line);

                           if(con_hdl >= 0) {

            err = get_remote_name(con_hdl, remote_name, BT_NAME_LENGTH);

                } else {

                                         err = -EINVAL;

                           }

                           copy_to_user((s32*)arg, remote_name, length);

                           return err;

              }