Bluetooth: Add missing check for invalid dynamic CID
When receiving an LE L2CAP Connect Request we should verify that the proposed remote CID is within the dynamic CID range, and if not return the appropriate error. Change-Id: I54ca2431f0f622f96bc2c3acbd3de7ca4c92713a Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit is contained in:
Johan Hedberg
Anas Nashif
parent
394de5d2c1
commit
4c6a95bb55
1 changed files with 6 additions and 0 deletions
|
|
@ -392,6 +392,12 @@ static void le_conn_req(struct bt_l2cap *l2cap, uint8_t ident,
|
|||
|
||||
/* TODO: Add security check */
|
||||
|
||||
if (scid < L2CAP_LE_DYN_CID_START || scid > L2CAP_LE_DYN_CID_END) {
|
||||
rsp->dcid = req->scid;
|
||||
rsp->result = BT_L2CAP_ERR_INVALID_SCID;
|
||||
goto rsp;
|
||||
}
|
||||
|
||||
chan = bt_l2cap_lookup_tx_cid(conn, scid);
|
||||
if (chan) {
|
||||
rsp->dcid = req->scid;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue