Hi Marcel, Luiz,

I have prepared a patch for the erroneous zeroing of rsp.id. See below.

Best regards
Carsten

-------------
>From 495748ae3072c328f92435fd184fd278f763de84 Mon Sep 17 00:00:00 2001
From: Carsten Schmid <carsten_schmid@xxxxxxxxxx>
Date: Wed, 13 Jan 2021 09:34:51 +0100
Subject: [PATCH] Bluetooth: A2MP: Fix zeroing rsp ID field

Patch "Bluetooth: A2MP: Fix not initializing all members" has one place where the stack variable rsp.id is zeroed with memset after initializing it. Fix this by zeroing the stack variable and setting rsp.id after.

Detected-by: Tobias Kaufmann <tobias.a.kaufmann@xxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Fixes: eddb7732119d ("Bluetooth: A2MP: Fix not initializing all members")
Signed-off-by: Carsten Schmid <carsten_schmid@xxxxxxxxxx>
--- net/bluetooth/a2mp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c index da7fd7c8c2dc..64e737883a0e 100644 --- a/net/bluetooth/a2mp.c +++ b/net/bluetooth/a2mp.c @@ -381,10 +381,10 @@ static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb, hdev = hci_dev_get(req->id); if (!hdev || hdev->amp_type == AMP_TYPE_BREDR || tmp) { struct a2mp_amp_assoc_rsp rsp; -rsp.id = req->id; - memset(&rsp, 0, sizeof(rsp)); +rsp.id = req->id; + if (tmp) { rsp.status = A2MP_STATUS_COLLISION_OCCURED; amp_mgr_put(tmp); -- 2.17.1

-----------------
Mentor Graphics (Deutschland) GmbH, Arnulfstraße 201, 80634 München / Germany
Registergericht München HRB 106955, Geschäftsführer: Thomas Heurung, Alexander Walter
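Review bot: in the a2mp_getampassoc_req() hunk, dropping the blank line after `struct a2mp_amp_assoc_rsp rsp;` leaves the declaration immediately followed by `memset(&rsp, 0, sizeof(rsp));`, which goes against the kernel's blank-line-after-declarations style. I would keep that blank line and only move `rsp.id = req->id;` below the memset, so the hunk becomes a pure reorder. As rendered here the removed and added `rsp.id = req->id;` lines also carry no indentation after the `-`/`+` marker while the context lines do, so please check that the mail client has not whitespace-damaged the patch before it is applied. The ordering itself is what the commit message asks for: the whole structure is zeroed first and rsp.id is set afterwards, so the response keeps the request's ID and no uninitialized stack bytes remain in rsp.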