Bluetooth: Fix device_found event length for remote name resolving

The correct length of the event is the size of the ev struct (not size
of the pointer like the code was previously using) plus the length of
the variable-sized EIR data at the end of the struct.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index de7326b111baa3c516f5f23bccee2aeb8d4a38a5..11ee5db16e97c5d20f4373e66b8db75e81c0e8a3 100644 (file)
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -2964,7 +2964,8 @@ int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
 
        put_unaligned_le16(eir_len, &ev->eir_len);
 
-       return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
+       return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
+                                               sizeof(*ev) + eir_len, NULL);
 }
 
 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)