Bluetooth: Fix device_found event length for remote name resolving
author Johan Hedberg <johan.hedberg@intel.com>
Fri, 3 Feb 2012 22:06:00 +0000 (00:06 +0200)
committer Johan Hedberg <johan.hedberg@intel.com>
Mon, 13 Feb 2012 15:01:35 +0000 (17:01 +0200)
The correct length of the event is the size of the ev struct (not size
of the pointer like the code was previously using) plus the length of
the variable-sized EIR data at the end of the struct.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
net/bluetooth/mgmt.c

index de7326b111baa3c516f5f23bccee2aeb8d4a38a5..11ee5db16e97c5d20f4373e66b8db75e81c0e8a3 100644 (file)
@@ -2964,7 +2964,8 @@ int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
 
        put_unaligned_le16(eir_len, &ev->eir_len);
 
-       return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
+       return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
+                                               sizeof(*ev) + eir_len, NULL);
 }
 
 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
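Review bot: The commit message describes only the length fix, but the replaced return in mgmt_remote_name() also passed `&ev` as the data argument, so the old call sent the bytes of the local pointer variable itself (a kernel address) to management listeners instead of the event. The message should state that the data pointer is corrected as well, because that makes this an information-disclosure fix and not only a truncated-event fix. Separately, with the length now `sizeof(*ev) + eir_len`, the send reads eir_len bytes past the fixed header, and the hunk does not show how the buffer behind `ev` is allocated or sized; please confirm that it holds at least that many bytes and that eir_len is bounded before the `put_unaligned_le16()` call.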