Bluetooth: hci_conn: Use struct_size() in hci_le_big_create_sync()

Use struct_size() instead of the open-coded version. Similarly to
this other patch[1].

Link: https://lore.kernel.org/linux-hardening/ZiwwPmCvU25YzWek@neat/
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 8375f7bd58ee0ce41f7ab1b12f2fd68bcad51455..fc1aeb513b08c4fbb7bda35e5e5cc99efddef139 100644 (file)
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -2132,7 +2132,7 @@ int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
        memcpy(pdu->bis, bis, num_bis);
 
        return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
-                           sizeof(*pdu) + num_bis, pdu);
+                           struct_size(pdu, bis, num_bis), pdu);
 }
 
 static void create_big_complete(struct hci_dev *hdev, void *data, int err)