aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNathan Holstein <nathan@lampreynetworks.com>2010-06-09 15:46:25 -0400
committerMarcel Holtmann <marcel@holtmann.org>2010-07-21 13:39:05 -0400
commit51893f88dd916efead5e24a212c907b2cd35e160 (patch)
treef28f257c32227f6a60f3fc347ba8b5d765db80c0
parentbfbacc11550a785caf082f3ccfcd7ecf882e09a4 (diff)
Bluetooth: Fix bug with ERTM minimum packet length
ERTM and streaming mode L2CAP sockets have no minimum packet length. Only basic mode connections have minimum length. Instead, validate the packet containing all necessary control, FCS, and SAR fields. The patch fixes the drop of valid packets with length lower than 4. Signed-off-by: Nathan Holstein <ngh@isomerica.net> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/l2cap.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index b89762134e4e..4af8fc0d512c 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -4092,9 +4092,9 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4092{ 4092{
4093 struct sock *sk; 4093 struct sock *sk;
4094 struct l2cap_pinfo *pi; 4094 struct l2cap_pinfo *pi;
4095 u16 control, len; 4095 u16 control;
4096 u8 tx_seq, req_seq; 4096 u8 tx_seq, req_seq;
4097 int next_tx_seq_offset, req_seq_offset; 4097 int len, next_tx_seq_offset, req_seq_offset;
4098 4098
4099 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 4099 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4100 if (!sk) { 4100 if (!sk) {
@@ -4164,7 +4164,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4164 } 4164 }
4165 4165
4166 if (__is_iframe(control)) { 4166 if (__is_iframe(control)) {
4167 if (len < 4) { 4167 if (len < 0) {
4168 l2cap_send_disconn_req(pi->conn, sk); 4168 l2cap_send_disconn_req(pi->conn, sk);
4169 goto drop; 4169 goto drop;
4170 } 4170 }
@@ -4192,7 +4192,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4192 if (pi->fcs == L2CAP_FCS_CRC16) 4192 if (pi->fcs == L2CAP_FCS_CRC16)
4193 len -= 2; 4193 len -= 2;
4194 4194
4195 if (len > pi->mps || len < 4 || __is_sframe(control)) 4195 if (len > pi->mps || len < 0 || __is_sframe(control))
4196 goto drop; 4196 goto drop;
4197 4197
4198 if (l2cap_check_fcs(pi, skb)) 4198 if (l2cap_check_fcs(pi, skb))