Bluetooth: RFCOMM: Fix length errors when payload exceeds 127
hdr->length is the length of the payload, so it should be buf->len - sizeof(*hdr) - 1, or equivalently buf->len - (sizeof(*hdr) + 1).

Signed-off-by: ZhongYao Luo <LuoZhongYao@gmail.com>
parent
b35d414916
commit
a94e81ba3e
1 changed files with 1 additions and 1 deletions
|
@ -1431,7 +1431,7 @@ int bt_rfcomm_dlc_send(struct bt_rfcomm_dlc *dlc, struct net_buf *buf)
|
|||
hdr = net_buf_push(buf, sizeof(*hdr) + 1);
|
||||
len = (u16_t *)&hdr->length;
|
||||
*len = BT_RFCOMM_SET_LEN_16(sys_cpu_to_le16(buf->len -
|
||||
sizeof(*hdr) + 1));
|
||||
sizeof(*hdr) - 1));
|
||||
} else {
|
||||
hdr = net_buf_push(buf, sizeof(*hdr));
|
||||
hdr->length = BT_RFCOMM_SET_LEN_8(buf->len - sizeof(*hdr));
|
||||
|
|
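Review bot: The two-byte length is still stored through `(u16_t *)&hdr->length`, a cast store into the freshly pushed header that may be unaligned, and `sys_cpu_to_le16()` is applied before `BT_RFCOMM_SET_LEN_16` rather than after it. If that macro shifts the value to make room for the EA bit (its definition is not in this hunk), the encoded length would be wrong on big-endian targets, and the peer would parse a length that does not match the payload. Consider `sys_put_le16(BT_RFCOMM_SET_LEN_16(buf->len - sizeof(*hdr) - 1), &hdr->length);`, which removes the cast and encodes before the byte-order conversion. bt_rfcomm_dlc_send starts and ends outside this hunk, so it is worth confirming that an earlier check bounds buf->len so the encoded value fits the two-byte field.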