Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
authorDan Carpenter <dan.carpenter@oracle.com>
Fri, 25 Jun 2021 15:00:09 +0000 (18:00 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 15 Sep 2021 07:50:34 +0000 (09:50 +0200)
[ Upstream commit 59da0b38bc2ea570ede23a3332ecb3e7574ce6b2 ]

Smatch complains that some of these struct members are not initialized
leading to a stack information disclosure:

    net/bluetooth/sco.c:778 sco_conn_defer_accept() warn:
    check that 'cp.retrans_effort' doesn't leak information

This seems like a valid warning.  I've added a default case to fix
this issue.

Fixes: 2f69a82acf6f ("Bluetooth: Use voice setting in deferred SCO connection request")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/bluetooth/sco.c

index 22a110f37abc6b73efb01eeae55d8d86d8d03451..8ae8af33ae9136029129ceeb8aeaeb24f61085fc 100644 (file)
@@ -773,6 +773,11 @@ static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
                        cp.max_latency = cpu_to_le16(0xffff);
                        cp.retrans_effort = 0xff;
                        break;
+               default:
+                       /* use CVSD settings as fallback */
+                       cp.max_latency = cpu_to_le16(0xffff);
+                       cp.retrans_effort = 0xff;
+                       break;
                }
 
                hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
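Review bot: The new `default:` arm in sco_conn_defer_accept() closes the leak only for the two members it assigns, `cp.max_latency` and `cp.retrans_effort`, and the fix holds only as long as every arm of the switch keeps setting both. The declaration of `cp` is outside this hunk, so it is not visible whether the struct is zeroed; if it is a plain stack declaration, adding `memset(&cp, 0, sizeof(cp));` before the members are filled in would stop any member that a later case or struct change forgets from reaching `hci_send_cmd()` uninitialised. The default arm also repeats the two assignments directly above it, which its comment identifies as the CVSD settings; putting the `default:` label on that existing arm, with the comment kept, would prevent the two copies from drifting apart. The function body starts and ends outside the hunk.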