Bluetooth: Fix bt_conn_lookup_state

If the address stored in the conn structure is BT_ADDR_LE_ANY, it means
that this slot has already been freed up, and the data is invalid.
bt_addr_le_cmp(peer, &conns[i].dst) returns True if both arguments
are BT_ADDR_LE_ANY, so an invalid conn with address BT_ADDR_LE_ANY
can be returned.

Change-Id: I78ecafe0f9d6e1bbca4c7bf2c44eaec858787247
Signed-off-by: Mariusz Skamra <mariusz.skamra@tieto.com>
This commit is contained in:
Mariusz Skamra 2015-07-01 18:16:35 +02:00 committed by Anas Nashif
commit 7ba400c321

@ -378,6 +378,10 @@ struct bt_conn *bt_conn_lookup_state(const bt_addr_le_t *peer,
int i; int i;
for (i = 0; i < ARRAY_SIZE(conns); i++) { for (i = 0; i < ARRAY_SIZE(conns); i++) {
if (!bt_addr_le_cmp(&conns[i].dst, BT_ADDR_LE_ANY)) {
continue;
}
if (bt_addr_le_cmp(peer, BT_ADDR_LE_ANY) && if (bt_addr_le_cmp(peer, BT_ADDR_LE_ANY) &&
bt_addr_le_cmp(peer, &conns[i].dst)) { bt_addr_le_cmp(peer, &conns[i].dst)) {
continue; continue;
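
Review bot: The new `if (!bt_addr_le_cmp(&conns[i].dst, BT_ADDR_LE_ANY))` guard at the top of the loop has no comment, so the convention it depends on (a dst equal to BT_ADDR_LE_ANY marks a freed slot whose contents are invalid) is only recorded in the commit message. Please add a one-line comment above the check, or move the test into a small named helper so the free-slot convention lives in one place. It would also help to state in the function's documentation that a wildcard `peer` of BT_ADDR_LE_ANY now matches only slots that are in use, since the existing `bt_addr_le_cmp(peer, BT_ADDR_LE_ANY) &&` condition below still treats that value as "any peer".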