michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: HCI: Handle invalid ACL flags.

Browse source 
Handle invalid ACL flags in HCI transport.
Only Point to Point is supported over HCI in both directions.
Fix flushable start HCI ACL packets not allowed on LE-U connections
from Host to controller.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This commit is contained in:
Joakim Andersson 2019-11-19 17:06:12 +01:00 committed by Johan Hedberg
commit a1d73acfcd
2 changed files with 21 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

21
subsys/bluetooth/controller/hci/hci.c
View file

@ -2336,11 +2336,24 @@ int hci_acl_handle(struct net_buf *buf, struct net_buf **evt)
pdu_data = (void *)node_tx->pdu; pdu_data = (void *)node_tx->pdu;
if (flags == BT_ACL_START_NO_FLUSH || flags == BT_ACL_START) { if (bt_acl_flags_bc(flags) != BT_ACL_POINT_TO_POINT) {
pdu_data->ll_id = PDU_DATA_LLID_DATA_START; return -EINVAL;
} else {
pdu_data->ll_id = PDU_DATA_LLID_DATA_CONTINUE;
} }
switch (bt_acl_flags_pb(flags)) {
case BT_ACL_START_NO_FLUSH:
pdu_data->ll_id = PDU_DATA_LLID_DATA_START;
break;
case BT_ACL_CONT:
pdu_data->ll_id = PDU_DATA_LLID_DATA_CONTINUE;
break;
default:
/* BT_ACL_START and BT_ACL_COMPLETE not allowed on LE-U
* from Host to Controller
*/
return -EINVAL;
}
pdu_data->len = len; pdu_data->len = len;
memcpy(&pdu_data->lldata[0], buf->data, len); memcpy(&pdu_data->lldata[0], buf->data, len);

4
subsys/bluetooth/host/conn.c
View file

@ -1206,6 +1206,10 @@ void bt_conn_recv(struct bt_conn *conn, struct net_buf *buf, u8_t flags)
break; break;
default: default:
/* BT_ACL_START_NO_FLUSH and BT_ACL_COMPLETE are not allowed on
* LE-U from Controller to Host.
* Only BT_ACL_POINT_TO_POINT is supported.
*/
BT_ERR("Unexpected ACL flags (0x%02x)", flags); BT_ERR("Unexpected ACL flags (0x%02x)", flags);
bt_conn_reset_rx_state(conn); bt_conn_reset_rx_state(conn);
net_buf_unref(buf); net_buf_unref(buf);