merged 3.0.101 tag

author: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> 2015-10-22 21:26:58 +0200
committer: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> 2015-10-22 21:26:58 +0200
commit: 786208aedd8f75b0720e36b2ca66b3a411417301 (patch)
tree: e6e902ab383ca94842c8691a9e28e1a6aefc5695 /net/bluetooth/l2cap_core.c
parent: b99374450c03bf5081b88995d91d34fb9b2fd040 (diff)
download: kernel_samsung_smdk4412-786208aedd8f75b0720e36b2ca66b3a411417301.zip
kernel_samsung_smdk4412-786208aedd8f75b0720e36b2ca66b3a411417301.tar.gz
kernel_samsung_smdk4412-786208aedd8f75b0720e36b2ca66b3a411417301.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index b044c38..8d0e801 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1823,6 +1823,9 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
 	BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
 			conn, code, ident, dlen);
 
+	if (conn->mtu < L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE)
+		return NULL;
+
 	len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
 	count = min_t(unsigned int, conn->mtu, len);
author	Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>	2015-10-22 21:26:58 +0200
committer	Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>	2015-10-22 21:26:58 +0200
commit	786208aedd8f75b0720e36b2ca66b3a411417301 (patch)
tree	e6e902ab383ca94842c8691a9e28e1a6aefc5695 /net/bluetooth/l2cap_core.c
parent	b99374450c03bf5081b88995d91d34fb9b2fd040 (diff)
download	kernel_samsung_smdk4412-786208aedd8f75b0720e36b2ca66b3a411417301.zip kernel_samsung_smdk4412-786208aedd8f75b0720e36b2ca66b3a411417301.tar.gz kernel_samsung_smdk4412-786208aedd8f75b0720e36b2ca66b3a411417301.tar.bz2