@@ -2201,18 +2201,19 @@ static int btusb_setup_csr(struct hci_dev *hdev)
return err;
}
- if (skb->len != sizeof(struct hci_rp_read_local_version)) {
+ rp = skb_pull_data(skb, sizeof(*rp));
+ if (!rp) {
bt_dev_err(hdev, "CSR: Local version length mismatch");
kfree_skb(skb);
return -EIO;
}
- rp = (struct hci_rp_read_local_version *)skb->data;
+ bt_dev_info(hdev, "CSR: Setting up dongle with HCI ver=%u rev=%04x",
+ rp->hci_ver, le16_to_cpu(rp->hci_rev));
- bt_dev_info(hdev, "CSR: Setting up dongle with HCI ver=%u rev=%04x; LMP ver=%u subver=%04x; manufacturer=%u",
- le16_to_cpu(rp->hci_ver), le16_to_cpu(rp->hci_rev),
- le16_to_cpu(rp->lmp_ver), le16_to_cpu(rp->lmp_subver),
- le16_to_cpu(rp->manufacturer));
+ bt_dev_info(hdev, "LMP ver=%u subver=%04x; manufacturer=%u",
+ rp->lmp_ver, le16_to_cpu(rp->lmp_subver),
+ le16_to_cpu(rp->manufacturer));
/* Detect a wide host of Chinese controllers that aren't CSR.
*
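Review bot: The new guard `rp = skb_pull_data(skb, sizeof(*rp)); if (!rp)` rejects only a reply that is shorter than the structure, while the removed `skb->len != sizeof(...)` test also rejected a longer one, so the retained text "CSR: Local version length mismatch" no longer describes the condition. The reply is supplied by the dongle and the rest of the function classifies the device from it, so logging the received size would help triage: `bt_dev_err(hdev, "CSR: Local version reply too short (%u bytes)", skb->len);`. If tolerating trailing bytes is intended, a short comment above the check such as `/* shorter replies are rejected; any extra tail is ignored */` would record that. rp now points into the skb's data, so the release of skb on the success path, which is outside this hunk, has to stay after the last read of rp.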
@@ -2242,29 +2243,29 @@ static int btusb_setup_csr(struct hci_dev *hdev)
* third-party BT 4.0 dongle reuses it.
*/
else if (le16_to_cpu(rp->lmp_subver) <= 0x034e &&
- le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_1)
+ rp->hci_ver > BLUETOOTH_VER_1_1)
is_fake = true;
else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 &&
- le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_2)
+ rp->hci_ver > BLUETOOTH_VER_1_2)
is_fake = true;
else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c &&
- le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_0)
+ rp->hci_ver > BLUETOOTH_VER_2_0)
is_fake = true;
else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 &&
- le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_1)
+ rp->hci_ver > BLUETOOTH_VER_2_1)
is_fake = true;
else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb &&
- le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_4_0)
+ rp->hci_ver > BLUETOOTH_VER_4_0)
is_fake = true;
/* Other clones which beat all the above checks */
else if (bcdDevice == 0x0134 &&
le16_to_cpu(rp->lmp_subver) == 0x0c5c &&
- le16_to_cpu(rp->hci_ver) == BLUETOOTH_VER_2_0)
+ rp->hci_ver == BLUETOOTH_VER_2_0)
is_fake = true;
if (is_fake) {
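Review bot: Each branch of this chain still repeats `le16_to_cpu(rp->lmp_subver)` beside a bare `rp->hci_ver`, so a reader cannot tell which fields are single-byte and which are little-endian 16-bit without looking up the struct. This is the same confusion the removed `le16_to_cpu(rp->hci_ver)` calls came from. Converting once into a typed local right after the length check, e.g. `u16 lmp_subver = le16_to_cpu(rp->lmp_subver);`, and comparing against `lmp_subver` in every branch would keep the byte-order handling in one place. The chain starts above this hunk, so earlier branches would need the same substitution.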