Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()

Check `num_rsp` before using it as for-loop counter.

Cc: [email protected]
Signed-off-by: Peilin Ye <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>

Author: peilin-ye

net/bluetooth/hci_event.c

@@ -2517,7 +2517,7 @@ static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
 
 	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
 
-	if (!num_rsp)
+	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
 		return;
 
 	if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ))