Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 51893f88 authored by Nathan Holstein's avatar Nathan Holstein Committed by Marcel Holtmann
Browse files

Bluetooth: Fix bug with ERTM minimum packet length 



ERTM and streaming mode L2CAP sockets have no minimum packet length. Only
basic mode connections have minimum length.

Instead, validate the packet containing all necessary control, FCS,
and SAR fields.

The patch fixes the drop of valid packets with length lower than 4.

Signed-off-by: default avatarNathan Holstein <ngh@isomerica.net>
Signed-off-by: default avatarGustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent bfbacc11

net/bluetooth/l2cap.c

+4 −4
Original line number Diff line number Diff line
@@ -4092,9 +4092,9 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk 
{

	struct sock *sk;

	struct l2cap_pinfo *pi;

	u16 control, len;

	u16 control;

	u8 tx_seq, req_seq;

	int next_tx_seq_offset, req_seq_offset;

	int len, next_tx_seq_offset, req_seq_offset;



	sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);

	if (!sk) {
@@ -4164,7 +4164,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk 
		}



		if (__is_iframe(control)) {

			if (len < 4) {

			if (len < 0) {

				l2cap_send_disconn_req(pi->conn, sk);

				goto drop;

			}
@@ -4192,7 +4192,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk 
		if (pi->fcs == L2CAP_FCS_CRC16)

			len -= 2;



		if (len > pi->mps || len < 4 || __is_sframe(control))

		if (len > pi->mps || len < 0 || __is_sframe(control))

			goto drop;



		if (l2cap_check_fcs(pi, skb))