diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index fe129663bd3f7faeb39f20d02a8425d525da071d..f52bcbf2e58cd8b8ded4c3d65c8dd9b87034b002 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -526,6 +526,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
 if (!addr || addr->sa_family != AF_BLUETOOTH)
 return -EINVAL;

+ if (addr_len < sizeof(struct sockaddr_sco))
+ return -EINVAL;
+
 lock_sock(sk);

 if (sk->sk_state != BT_OPEN) {
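Review bot: The new length check runs after the context line above it has already read `addr->sa_family`, so a caller-supplied length shorter than that field is only rejected after the field has been read. Both paths return -EINVAL, so the visible outcome looks unchanged, but putting the length test first keeps every read of `addr` behind the validation: `if (!addr || addr_len < sizeof(struct sockaddr_sco) || addr->sa_family != AF_BLUETOOTH)` followed by the existing `return -EINVAL;`. The declaration of `addr_len` is outside the hunk; if it is a signed `int`, the comparison converts it to `size_t`, so a negative value would pass this test unless the caller has already rejected it — worth confirming. A short comment such as `/* addr is interpreted as struct sockaddr_sco below; reject shorter input */` would record why the check exists. The body of sco_sock_bind continues past the end of the hunk, so the later uses of `addr` are not visible here.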