Bluetooth: ATT: Fix not forwarding error properly

When retrying the request due to a security error that can fail but since
the original buffer was freed in the process the code can no longer verify
if the opcode matches thus it always fails BT_ATT_ERR_UNLIKELY instead of
using the response error, so this not longer cares about the opcode and
just use the response error always.

JIRA: ZEP-1195

Change-Id: I1149b993b97733ab5bb00f347e4f973647e0fdd4
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This commit is contained in:
Luiz Augusto von Dentz 2016-11-09 13:35:28 +02:00 committed by Johan Hedberg
commit 629ab2da6b

View file

@ -1496,7 +1496,6 @@ static int att_change_security(struct bt_conn *conn, uint8_t err)
static uint8_t att_error_rsp(struct bt_att *att, struct net_buf *buf)
{
struct bt_att_error_rsp *rsp;
struct bt_att_hdr *hdr;
uint8_t err;
rsp = (void *)buf->data;
@ -1504,17 +1503,17 @@ static uint8_t att_error_rsp(struct bt_att *att, struct net_buf *buf)
BT_DBG("request 0x%02x handle 0x%04x error 0x%02x", rsp->request,
sys_le16_to_cpu(rsp->handle), rsp->error);
if (!att->req || !att->req->buf) {
if (!att->req) {
err = BT_ATT_ERR_UNLIKELY;
goto done;
}
/* Restore state to be resent */
net_buf_simple_restore(&att->req->buf->b, &att->req->state);
if (att->req->buf) {
/* Restore state to be resent */
net_buf_simple_restore(&att->req->buf->b, &att->req->state);
}
hdr = (void *)att->req->buf->data;
err = rsp->request == hdr->code ? rsp->error : BT_ATT_ERR_UNLIKELY;
err = rsp->error;
#if defined(CONFIG_BLUETOOTH_SMP)
if (att->req->retrying) {
goto done;