Fix multiple OOB bugs resulted from tx mtu in EATT (282d4a18) · Commits · e / os / android_packages_modules_Bluetooth

system/stack/eatt/eatt.h

+7 −2

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@

		#pragma once

		#include <algorithm>
		#include <deque>

		#include "stack/gatt/gatt_int.h"
		@@ -24,6 +25,7 @@

		#define EATT_MIN_MTU_MPS (64)
		#define EATT_DEFAULT_MTU (256)
		#define EATT_MAX_TX_MTU (1024)
		#define EATT_ALL_CIDS (0xFFFF)

		namespace bluetooth {
		@@ -59,13 +61,13 @@ class EattChannel {
		EattChannel(RawAddress& bda, uint16_t cid, uint16_t tx_mtu, uint16_t rx_mtu)
		: bda_(bda),
		cid_(cid),
		tx_mtu_(tx_mtu),
		rx_mtu_(rx_mtu),
		state_(EattChannelState::EATT_CHANNEL_PENDING),
		indicate_handle_(0),
		ind_ack_timer_(NULL),
		ind_confirmation_timer_(NULL) {
		cl_cmd_q_ = std::deque<tGATT_CMD_Q>();
		EattChannelSetTxMTU(tx_mtu);
		}

		~EattChannel() {
		@@ -94,7 +96,10 @@ class EattChannel {
		}
		state_ = state;
		}
		void EattChannelSetTxMTU(uint16_t tx_mtu) { this->tx_mtu_ = tx_mtu; }

		void EattChannelSetTxMTU(uint16_t tx_mtu) {
		this->tx_mtu_ = std::min<uint16_t>(tx_mtu, EATT_MAX_TX_MTU);
		}
		};

		/* Interface class */

+1 −1

Original line number	Diff line number	Diff line
		@@ -447,7 +447,7 @@ struct eatt_impl {
		if (is_local_cfg)
		channel->rx_mtu_ = p_cfg->mtu;
		else
		channel->tx_mtu_ = p_cfg->mtu;
		channel->EattChannelSetTxMTU(p_cfg->mtu);

		/* Go back to open state */
		channel->EattChannelSetState(EattChannelState::EATT_CHANNEL_OPENED);