Message ID | 1603008332-8402-1-git-send-email-gotti79@posteo.net |
---|---|
State | New |
Series | Bluetooth: A2MP: Do not set rsp.id to zero |
diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c index da7fd7c..7a1e0b7 100644 --- a/net/bluetooth/a2mp.c +++ b/net/bluetooth/a2mp.c @@ -381,10 +381,11 @@ static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb, hdev = hci_dev_get(req->id); if (!hdev || hdev->amp_type == AMP_TYPE_BREDR || tmp) { struct a2mp_amp_assoc_rsp rsp; - rsp.id = req->id; memset(&rsp, 0, sizeof(rsp)); + rsp.id = req->id; + if (tmp) { rsp.status = A2MP_STATUS_COLLISION_OCCURED; amp_mgr_put(tmp);
Due to security reasons the rsp struct is not zeroed out in one case this will also zero out the former set rsp.id which seems to be wrong.

Signed-off-by: Stefan Gottwald <gotti79@posteo.net>
---
 net/bluetooth/a2mp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
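
Review bot: The commit message does not match the error branch of a2mp_getampassoc_req() that this hunk changes: it says the rsp struct is "not" zeroed out, while the hunk shows memset(&rsp, 0, sizeof(rsp)) clearing it, and it carries no Fixes: tag for the change that introduced the memset. The reordering itself is correct, since the old order assigned rsp.id = req->id and then cleared it, leaving rsp.id at 0 in this branch. Please reword the message to say that the memset wipes the previously assigned rsp.id, and add the Fixes: line so the correction can follow that change wherever it was backported. It is also worth checking that the other response structs in a2mp.c are not assigned before they are zeroed, and stating the result in the message.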