Bluetooth: Classic: L2CAP: Fix issue is received data len less than 2
If the received data length is less than 2 in none basic mode, the L2CAP channel connection will be dropped. Only check the received data length if the `SAR` is `BT_L2CAP_CONTROL_SAR_START`. Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
This commit is contained in:
Lyle Zhu
Benjamin Cabé
parent
63dbc4c7f9
commit
2a1bcc2919
1 changed files with 2 additions and 4 deletions
|
|
@ -5767,17 +5767,15 @@ static void bt_l2cap_br_ret_fc_i_recv(struct bt_l2cap_br_chan *br_chan, struct n
|
||||||
|
|
||||||
valid_frame:
|
valid_frame:
|
||||||
switch (sar) {
|
switch (sar) {
|
||||||
case BT_L2CAP_CONTROL_SAR_UNSEG:
|
|
||||||
__fallthrough;
|
|
||||||
case BT_L2CAP_CONTROL_SAR_START:
|
case BT_L2CAP_CONTROL_SAR_START:
|
||||||
if (buf->len < 2) {
|
if (buf->len < 2) {
|
||||||
LOG_WRN("Invalid SDU length");
|
LOG_WRN("Too short data packet");
|
||||||
bt_l2cap_chan_disconnect(&br_chan->chan);
|
bt_l2cap_chan_disconnect(&br_chan->chan);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case BT_L2CAP_CONTROL_SAR_UNSEG:
|
||||||
case BT_L2CAP_CONTROL_SAR_END:
|
case BT_L2CAP_CONTROL_SAR_END:
|
||||||
__fallthrough;
|
|
||||||
case BT_L2CAP_CONTROL_SAR_CONTI:
|
case BT_L2CAP_CONTROL_SAR_CONTI:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue