Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit adb08ede authored by Ville Tervo's avatar Ville Tervo Committed by Marcel Holtmann
Browse files

Bluetooth: Check result code of L2CAP information response 



Check result code of L2CAP information response. Otherwise
it would read invalid feature mask and access invalid memory.

Signed-off-by: default avatarVille Tervo <ville.tervo@nokia.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 63406504

net/bluetooth/l2cap.c

+9 −0
Original line number Diff line number Diff line
@@ -3348,6 +3348,15 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm 


	del_timer(&conn->info_timer);



	if (result != L2CAP_IR_SUCCESS) {

		conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;

		conn->info_ident = 0;



		l2cap_conn_start(conn);



		return 0;

	}



	if (type == L2CAP_IT_FEAT_MASK) {

		conn->feat_mask = get_unaligned_le32(rsp->data);