[PATCH][next] Bluetooth: hci_conn: Use struct_size() in hci_le_big_create_sync()

Gustavo A. R. Silva posted 1 patch 1 year, 7 months ago
net/bluetooth/hci_conn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH][next] Bluetooth: hci_conn: Use struct_size() in hci_le_big_create_sync()
Posted by Gustavo A. R. Silva 1 year, 7 months ago
Use struct_size() instead of the open-coded version. Similarly to
this other patch[1].

Link: https://lore.kernel.org/linux-hardening/ZiwwPmCvU25YzWek@neat/ [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
---
 net/bluetooth/hci_conn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index d6daf55f0307..c508609be105 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -2135,7 +2135,7 @@ int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
 	memcpy(pdu->bis, bis, num_bis);
 
 	return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
-			    sizeof(*pdu) + num_bis, pdu);
+			    struct_size(pdu, bis, num_bis), pdu);
 }
 
 static void create_big_complete(struct hci_dev *hdev, void *data, int err)
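Review bot: In the hci_send_cmd() call, struct_size(pdu, bis, num_bis) matches the old sizeof(*pdu) + num_bis only when each element of bis is one byte. The unchanged memcpy(pdu->bis, bis, num_bis) just above makes the same assumption, so the commit message should say that no functional change is intended and why. struct_size() saturates on overflow instead of wrapping, but that only protects the length passed here. The declaration or allocation of pdu and any bound on num_bis sit above this hunk and are not visible, so please confirm that the buffer is sized with the same expression and that num_bis is checked before the memcpy.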
-- 
2.34.1
Re: [PATCH][next] Bluetooth: hci_conn: Use struct_size() in hci_le_big_create_sync()
Posted by Kees Cook 1 year, 7 months ago
On Wed, May 01, 2024 at 12:09:30PM -0600, Gustavo A. R. Silva wrote:
> Use struct_size() instead of the open-coded version. Similarly to
> this other patch[1].
> 
> Link: https://lore.kernel.org/linux-hardening/ZiwwPmCvU25YzWek@neat/ [1]
> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook