Commit 60fc5fb6 authored by Johan Hedberg's avatar Johan Hedberg

Bluetooth: mgmt: Fix count parameter in get_connections reply

This patch fixes the count parameter in the Get Connections reply
message. We cannot know the right number until iterating through all
connections so set the parameter value only after the loop.
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
Acked-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent b3fb611e
...@@ -1725,8 +1725,8 @@ static int get_connections(struct sock *sk, u16 index) ...@@ -1725,8 +1725,8 @@ static int get_connections(struct sock *sk, u16 index)
struct hci_dev *hdev; struct hci_dev *hdev;
struct hci_conn *c; struct hci_conn *c;
size_t rp_len; size_t rp_len;
u16 count; int err;
int i, err; u16 i;
BT_DBG(""); BT_DBG("");
...@@ -1743,21 +1743,19 @@ static int get_connections(struct sock *sk, u16 index) ...@@ -1743,21 +1743,19 @@ static int get_connections(struct sock *sk, u16 index)
goto unlock; goto unlock;
} }
count = 0; i = 0;
list_for_each_entry(c, &hdev->conn_hash.list, list) { list_for_each_entry(c, &hdev->conn_hash.list, list) {
if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
count++; i++;
} }
rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info)); rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
rp = kmalloc(rp_len, GFP_ATOMIC); rp = kmalloc(rp_len, GFP_ATOMIC);
if (!rp) { if (!rp) {
err = -ENOMEM; err = -ENOMEM;
goto unlock; goto unlock;
} }
put_unaligned_le16(count, &rp->conn_count);
i = 0; i = 0;
list_for_each_entry(c, &hdev->conn_hash.list, list) { list_for_each_entry(c, &hdev->conn_hash.list, list) {
if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
...@@ -1769,6 +1767,8 @@ static int get_connections(struct sock *sk, u16 index) ...@@ -1769,6 +1767,8 @@ static int get_connections(struct sock *sk, u16 index)
i++; i++;
} }
put_unaligned_le16(i, &rp->conn_count);
/* Recalculate length in case of filtered SCO connections, etc */ /* Recalculate length in case of filtered SCO connections, etc */
rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment