
RE: [bluetooth-dev] Bug in latest openbt code ( * $Id: bluetooth.c,v 1.237 2003/02/06 15:36:20 anderstj )



Hi,
 
Thanks, I'll apply the fix as soon as possible. I guess you experienced some memory overwrites ;).
 
Best Regards
Anders Johansson
-----Original Message-----
From: Ed Orchard [mailto:edorchard@xxxxxxx.com] 
Sent: 26 February 2003 14:32
To: bluetooth-dev@xxxxxxx.com
Subject: [bluetooth-dev] Bug in latest openbt code ( * $Id: bluetooth.c,v 1.237 2003/02/06 15:36:20 anderstj )


Around line 736 in Bluetooth.c:
        case BTREADREMOTENAME:
        {
                u8 remote_name[BT_NAME_LENGTH];
                s32 line;
                u32 length;
                s32 con_hdl;

                BT_DRIVER(__FUNCTION__ ": BTREADREMOTENAME\n");

                memset(remote_name, 0, BT_NAME_LENGTH);

                copy_from_user(&line, (s32*)arg, sizeof line);
                copy_from_user(&length, (s32*)arg + 1, sizeof length);

                con_hdl = bt_get_conhdl_from_line(line);
                if(con_hdl >= 0) {
***                     err = get_remote_name(con_hdl, remote_name, length);
                } else {
                        err = -EINVAL;
                }
***             copy_to_user((s32*)arg, remote_name, BT_NAME_LENGTH);
                return err;
        }
 
should read 
 
        case BTREADREMOTENAME:
        {
                u8 remote_name[BT_NAME_LENGTH];
                s32 line;
                u32 length;
                s32 con_hdl;

                BT_DRIVER(__FUNCTION__ ": BTREADREMOTENAME\n");

                memset(remote_name, 0, BT_NAME_LENGTH);

                copy_from_user(&line, (s32*)arg, sizeof line);
                copy_from_user(&length, (s32*)arg + 1, sizeof length);

                con_hdl = bt_get_conhdl_from_line(line);
                if(con_hdl >= 0) {
                        err = get_remote_name(con_hdl, remote_name, BT_NAME_LENGTH);
                } else {
                        err = -EINVAL;
                }
                copy_to_user((s32*)arg, remote_name, length);
                return err;
        }
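
Added example, not part of the original message or the openbt source: a user-space model of the copy-out step in the corrected handler, where the caller-supplied length is passed to copy_to_user, showing the effect of bounding that length to BT_NAME_LENGTH before the copy. The value of BT_NAME_LENGTH, struct frame, stub_get_remote_name and copy_name_out are assumptions made for the illustration, and memcpy stands in for copy_to_user.

```c
#include <stdint.h>
#include <string.h>

#define BT_NAME_LENGTH 248 /* assumed value; the message does not give it */

/* Models the handler's stack: the name buffer and the bytes next to it. */
struct frame {
    uint8_t remote_name[BT_NAME_LENGTH];
    uint8_t neighbour[16]; /* constructed stand-in for adjacent stack data */
};

/* Hypothetical stand-in for get_remote_name(): writes at most cap bytes. */
static int stub_get_remote_name(uint8_t *dst, uint32_t cap)
{
    static const char name[] = "constructed-name";
    uint32_t n = sizeof name < cap ? (uint32_t)sizeof name : cap;
    memcpy(dst, name, n);
    return 0;
}

/* Copies `length` bytes out, starting at remote_name.
 * clamp != 0 bounds the caller-supplied length to the buffer size first.
 * Returns the number of bytes copied; out must hold sizeof(struct frame). */
int copy_name_out(uint32_t length, uint8_t *out, int clamp)
{
    struct frame f;

    memset(f.remote_name, 0, sizeof f.remote_name);
    memset(f.neighbour, 0xAA, sizeof f.neighbour);

    if (length > sizeof f)            /* keep the model itself in bounds */
        length = (uint32_t)sizeof f;
    if (clamp && length > BT_NAME_LENGTH)
        length = BT_NAME_LENGTH;      /* the added bound on the copy-out size */

    stub_get_remote_name(f.remote_name, BT_NAME_LENGTH);
    memcpy(out, &f, length);          /* stands in for copy_to_user() */
    return (int)length;
}

int main(void)
{
    uint8_t out[sizeof(struct frame)];

    /* Oversized request with the bound applied: only the name buffer leaves. */
    return copy_name_out(BT_NAME_LENGTH + 16, out, 1) == BT_NAME_LENGTH ? 0 : 1;
}
```

In the driver itself the same bound would sit between the copy_from_user of length and the copy_to_user call, alongside checks of the copy_from_user return values.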
 