aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGustavo F. Padovan <padovan@profusion.mobi>2010-05-10 17:32:04 -0400
committerMarcel Holtmann <marcel@holtmann.org>2010-07-21 13:39:04 -0400
commitf6337c771126420c348b702e012262cfb5f0d56e (patch)
treea748aab2aa766c3e22fb55de6b863c1b114da686
parent0b31c85ce78d3646ac1e90d62969e7cd8cfd8b15 (diff)
Bluetooth: Fix drop of packets with invalid req_seq/tx_seq
We shall not use an unsigned var since we are expecting negatives value there. Using unsigned causes ERTM connection to close due to invalid ReqSeq numbers. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/l2cap.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 6c5462b2a244..7e39d9ee0b9c 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3796,7 +3796,7 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3796 u8 tx_seq = __get_txseq(rx_control); 3796 u8 tx_seq = __get_txseq(rx_control);
3797 u8 req_seq = __get_reqseq(rx_control); 3797 u8 req_seq = __get_reqseq(rx_control);
3798 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3798 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3799 u8 tx_seq_offset, expected_tx_seq_offset; 3799 int tx_seq_offset, expected_tx_seq_offset;
3800 int num_to_ack = (pi->tx_win/6) + 1; 3800 int num_to_ack = (pi->tx_win/6) + 1;
3801 int err = 0; 3801 int err = 0;
3802 3802
@@ -4081,7 +4081,8 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4081 struct sock *sk; 4081 struct sock *sk;
4082 struct l2cap_pinfo *pi; 4082 struct l2cap_pinfo *pi;
4083 u16 control, len; 4083 u16 control, len;
4084 u8 tx_seq, req_seq, next_tx_seq_offset, req_seq_offset; 4084 u8 tx_seq, req_seq;
4085 int next_tx_seq_offset, req_seq_offset;
4085 4086
4086 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 4087 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4087 if (!sk) { 4088 if (!sk) {