Bluetooth: SDP: Validate Transaction ID of PDU
Adds check on receiving side whether current SDP PDU response matches correcponding SDP PDU request. Jira: ZEP-1112 Change-Id: Ide8da54fe38f12d3bcb1e7d056050c038b7ec065 Signed-off-by: Arkadiusz Lichwa <arkadiusz.lichwa@tieto.com>
This commit is contained in:
parent
b37e285c03
commit
714718a33d
1 changed files with 5 additions and 2 deletions
|
@ -421,8 +421,6 @@ static void sdp_client_receive(struct bt_l2cap_chan *chan, struct net_buf *buf)
|
||||||
struct bt_sdp_hdr *hdr = (void *)buf->data;
|
struct bt_sdp_hdr *hdr = (void *)buf->data;
|
||||||
uint16_t len, tid;
|
uint16_t len, tid;
|
||||||
|
|
||||||
ARG_UNUSED(session);
|
|
||||||
|
|
||||||
BT_DBG("session %p buf %p", session, buf);
|
BT_DBG("session %p buf %p", session, buf);
|
||||||
|
|
||||||
if (buf->len < sizeof(*hdr)) {
|
if (buf->len < sizeof(*hdr)) {
|
||||||
|
@ -445,6 +443,11 @@ static void sdp_client_receive(struct bt_l2cap_chan *chan, struct net_buf *buf)
|
||||||
BT_ERR("SDP PDU length mismatch (%u != %u)", buf->len, len);
|
BT_ERR("SDP PDU length mismatch (%u != %u)", buf->len, len);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (tid != session->tid) {
|
||||||
|
BT_ERR("Mismatch transaction ID value in SDP PDU");
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static int sdp_client_chan_connect(struct bt_sdp_client *session)
|
static int sdp_client_chan_connect(struct bt_sdp_client *session)
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue