From 629ab2da6b32ddf6b8f9e2d4be105337de6bfad2 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz
Date: Wed, 9 Nov 2016 13:35:28 +0200
Subject: [PATCH] Bluetooth: ATT: Fix not forwarding error properly

When retrying the request due to a security error that can fail but since the original buffer was freed in the process the code can no longer verify if the opcode matches thus it always fails BT_ATT_ERR_UNLIKELY instead of using the response error, so this not longer cares about the opcode and just use the response error always.

JIRA: ZEP-1195
Change-Id: I1149b993b97733ab5bb00f347e4f973647e0fdd4
Signed-off-by: Luiz Augusto von Dentz
---
 subsys/bluetooth/host/att.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/subsys/bluetooth/host/att.c b/subsys/bluetooth/host/att.c
index 7797292844a..76e20c10813 100644
--- a/subsys/bluetooth/host/att.c
+++ b/subsys/bluetooth/host/att.c
@@ -1496,7 +1496,6 @@ static int att_change_security(struct bt_conn *conn, uint8_t err)
 static uint8_t att_error_rsp(struct bt_att *att, struct net_buf *buf)
 {
 struct bt_att_error_rsp *rsp;
- struct bt_att_hdr *hdr;
 uint8_t err;
 
 rsp = (void *)buf->data;
@@ -1504,17 +1503,17 @@ static uint8_t att_error_rsp(struct bt_att *att, struct net_buf *buf)
 BT_DBG("request 0x%02x handle 0x%04x error 0x%02x", rsp->request,
 sys_le16_to_cpu(rsp->handle), rsp->error);
 
- if (!att->req || !att->req->buf) {
+ if (!att->req) {
 err = BT_ATT_ERR_UNLIKELY;
 goto done;
 }
 
- /* Restore state to be resent */
- net_buf_simple_restore(&att->req->buf->b, &att->req->state);
+ if (att->req->buf) {
+ /* Restore state to be resent */
+ net_buf_simple_restore(&att->req->buf->b, &att->req->state);
+ }
 
- hdr = (void *)att->req->buf->data;
-
- err = rsp->request == hdr->code ? rsp->error : BT_ATT_ERR_UNLIKELY;
+ err = rsp->error;
 #if defined(CONFIG_BLUETOOTH_SMP)
 if (att->req->retrying) {
 goto done;
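Review bot: `err = rsp->error;` in the second hunk forwards a peer-controlled byte with no validation, and the opcode match against `rsp->request` is dropped rather than replaced. A remote device can therefore fail whatever request is pending with an Error Response that names a different opcode, and an error value of zero would reach the completion path looking like success; whether the callbacks tolerate that is not visible here. I would at least stop zero from propagating, `err = rsp->error ? rsp->error : BT_ATT_ERR_UNLIKELY;`, and keep the opcode comparison by recording the request opcode somewhere that survives the buffer being freed. The body of att_error_rsp continues past the end of the hunk, where the `CONFIG_BLUETOOTH_SMP` branch presumably acts on `err`, so a peer-chosen code may also steer the security retry.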