Loading system/stack/l2cap/l2c_main.cc +7 −1 Original line number Diff line number Diff line Loading @@ -296,6 +296,12 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { STREAM_TO_UINT8(id, p); STREAM_TO_UINT16(cmd_len, p); if (cmd_len > BT_SMALL_BUFFER_SIZE) { L2CAP_TRACE_WARNING("L2CAP - Invalid MTU Size"); l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_MTU_EXCEEDED, id, 0, 0); return; } /* Check command length does not exceed packet length */ if ((p_next_cmd = p + cmd_len) > p_pkt_end) { L2CAP_TRACE_WARNING("Command len bad pkt_len: %d cmd_len: %d code: %d", Loading Loading @@ -626,7 +632,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { break; case L2CAP_CMD_ECHO_REQ: l2cu_send_peer_echo_rsp(p_lcb, id, NULL, 0); l2cu_send_peer_echo_rsp(p_lcb, id, p, cmd_len); break; case L2CAP_CMD_ECHO_RSP: Loading Loading
system/stack/l2cap/l2c_main.cc +7 −1 Original line number Diff line number Diff line Loading @@ -296,6 +296,12 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { STREAM_TO_UINT8(id, p); STREAM_TO_UINT16(cmd_len, p); if (cmd_len > BT_SMALL_BUFFER_SIZE) { L2CAP_TRACE_WARNING("L2CAP - Invalid MTU Size"); l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_MTU_EXCEEDED, id, 0, 0); return; } /* Check command length does not exceed packet length */ if ((p_next_cmd = p + cmd_len) > p_pkt_end) { L2CAP_TRACE_WARNING("Command len bad pkt_len: %d cmd_len: %d code: %d", Loading Loading @@ -626,7 +632,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { break; case L2CAP_CMD_ECHO_REQ: l2cu_send_peer_echo_rsp(p_lcb, id, NULL, 0); l2cu_send_peer_echo_rsp(p_lcb, id, p, cmd_len); break; case L2CAP_CMD_ECHO_RSP: Loading
