Bluetooth: L2CAP: Fix not checking for L2CAP_ECRED_CHAN_MAX

When receiving L2CAP_CREDIT_BASED_CONNECTION_REQ the remote may request
more channels than allowed, so this checks if the amount of channels surpasses
the maximum channels (5) and returns an error.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Luiz Augusto von Dentz 2021-03-12 09:32:55 -08:00 committed by Carles Cufí
parent c0b240fdf3
commit 39a3dee29d

@ -1107,6 +1107,13 @@ static void le_ecred_conn_req(struct bt_l2cap *l2cap, uint8_t ident,
}
req = net_buf_pull_mem(buf, sizeof(*req));
if (buf->len > sizeof(dcid)) {
BT_ERR("Too large LE conn req packet size");
result = BT_L2CAP_LE_ERR_INVALID_PARAMS;
goto response;
}
psm = sys_le16_to_cpu(req->psm);
mtu = sys_le16_to_cpu(req->mtu);
mps = sys_le16_to_cpu(req->mps);
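
Review bot: the channel limit in `if (buf->len > sizeof(dcid))` is implicit, since it holds only as long as `dcid` is declared with exactly L2CAP_ECRED_CHAN_MAX entries, and that declaration is not visible in this hunk. Consider comparing against the maximum explicitly (L2CAP_ECRED_CHAN_MAX times the per-channel CID size) or adding a build-time assertion that ties the array size to the constant, so that a later change to `dcid` cannot silently alter the accepted channel count. The check also only bounds the length from above; the visible lines do not reject a remaining length that is not a whole multiple of the CID size, so a trailing partial entry would pass this test and needs to be handled where the CIDs are pulled. Finally, the log text "Too large LE conn req packet size" does not distinguish this from the non-enhanced LE connection request path; naming the ECRED request and logging `buf->len` would make the rejection easier to diagnose.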