Bluetooth: mgmt: Fix count parameter in get_connections reply

This patch fixes the count parameter in the Get Connections reply
message. We cannot know the right number until iterating through all
connections so set the parameter value only after the loop.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 42d665bdc01fb997f8c582459c9ea6a48b5a9112..7fdba8fb980847d5ee50a8ea0abbe3aad395474e 100644 (file)
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -1725,8 +1725,8 @@ static int get_connections(struct sock *sk, u16 index)
        struct hci_dev *hdev;
        struct hci_conn *c;
        size_t rp_len;
-       u16 count;
-       int i, err;
+       int err;
+       u16 i;
 
        BT_DBG("");
 
@@ -1743,21 +1743,19 @@ static int get_connections(struct sock *sk, u16 index)
                goto unlock;
        }
 
-       count = 0;
+       i = 0;
        list_for_each_entry(c, &hdev->conn_hash.list, list) {
                if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
-                       count++;
+                       i++;
        }
 
-       rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
+       rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
        rp = kmalloc(rp_len, GFP_ATOMIC);
        if (!rp) {
                err = -ENOMEM;
                goto unlock;
        }
 
-       put_unaligned_le16(count, &rp->conn_count);
-
        i = 0;
        list_for_each_entry(c, &hdev->conn_hash.list, list) {
                if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
@@ -1769,6 +1767,8 @@ static int get_connections(struct sock *sk, u16 index)
                i++;
        }
 
+       put_unaligned_le16(i, &rp->conn_count);
+
        /* Recalculate length in case of filtered SCO connections, etc */
        rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));