Bluetooth: Fix device_found event length for remote name resolving

The correct length of the event is the size of the ev struct (not size of the pointer like the code was previously using) plus the length of the variable-sized EIR data at the end of the struct. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org>
git-mirror · Feb 13, 2012 · 053c7e0 · 053c7e0
1 parent e877752
commit 053c7e0
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
@@ -2964,7 +2964,8 @@ int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
 
 	put_unaligned_le16(eir_len, &ev->eir_len);
 
-	return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
+	return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
+						sizeof(*ev) + eir_len, NULL);
 }
 
 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)