Loading system/stack/l2cap/l2c_main.cc +26 −0 Original line number Diff line number Diff line Loading @@ -321,9 +321,11 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { switch (cmd_code) { case L2CAP_CMD_REJECT: uint16_t rej_reason; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(rej_reason, p); if (rej_reason == L2CAP_CMD_REJ_MTU_EXCEEDED) { uint16_t rej_mtu; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(rej_mtu, p); /* What to do with the MTU reject ? We have negotiated an MTU. For now * we will ignore it and let a higher protocol timeout take care of it Loading @@ -333,6 +335,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { } if (rej_reason == L2CAP_CMD_REJ_INVALID_CID) { uint16_t lcid, rcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(rcid, p); STREAM_TO_UINT16(lcid, p); Loading Loading @@ -368,6 +371,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_CONN_REQ: { uint16_t rcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(con_info.psm, p); STREAM_TO_UINT16(rcid, p); tL2C_RCB* p_rcb = l2cu_find_rcb_by_psm(con_info.psm); Loading Loading @@ -401,6 +405,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_CONN_RSP: { uint16_t lcid; if (p + 8 > p_next_cmd) return; STREAM_TO_UINT16(con_info.remote_cid, p); STREAM_TO_UINT16(lcid, p); STREAM_TO_UINT16(con_info.l2cap_result, p); Loading Loading @@ -434,6 +439,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { uint16_t cfg_rej_len = 0; uint16_t lcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(lcid, p); STREAM_TO_UINT16(cfg_info.flags, p); Loading @@ -445,22 +451,26 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { while (p < p_cfg_end) { uint8_t cfg_code, cfg_len; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT8(cfg_code, p); STREAM_TO_UINT8(cfg_len, p); switch (cfg_code & 0x7F) { case L2CAP_CFG_TYPE_MTU: cfg_info.mtu_present = true; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(cfg_info.mtu, p); break; case L2CAP_CFG_TYPE_FLUSH_TOUT: cfg_info.flush_to_present = true; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(cfg_info.flush_to, p); break; case L2CAP_CFG_TYPE_QOS: cfg_info.qos_present = true; if (p + 2 + 5 * 4 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.qos.qos_flags, p); STREAM_TO_UINT8(cfg_info.qos.service_type, p); STREAM_TO_UINT32(cfg_info.qos.token_rate, p); Loading @@ -472,6 +482,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCR: cfg_info.fcr_present = true; if (p + 3 + 3 * 2 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.fcr.mode, p); STREAM_TO_UINT8(cfg_info.fcr.tx_win_sz, p); STREAM_TO_UINT8(cfg_info.fcr.max_transmit, p); Loading @@ -482,11 +493,13 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCS: cfg_info.fcs_present = true; if (p + 1 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.fcs, p); break; case L2CAP_CFG_TYPE_EXT_FLOW: cfg_info.ext_flow_spec_present = true; if (p + 2 + 2 + 3 * 4 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.ext_flow_spec.id, p); STREAM_TO_UINT8(cfg_info.ext_flow_spec.stype, p); STREAM_TO_UINT16(cfg_info.ext_flow_spec.max_sdu_size, p); Loading Loading @@ -533,6 +546,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_CONFIG_RSP: { uint8_t* p_cfg_end = p + cmd_len; uint16_t lcid; if (p + 6 > p_next_cmd) return; STREAM_TO_UINT16(lcid, p); STREAM_TO_UINT16(cfg_info.flags, p); STREAM_TO_UINT16(cfg_info.result, p); Loading @@ -543,22 +557,26 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { while (p < p_cfg_end) { uint8_t cfg_code, cfg_len; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT8(cfg_code, p); STREAM_TO_UINT8(cfg_len, p); switch (cfg_code & 0x7F) { case L2CAP_CFG_TYPE_MTU: cfg_info.mtu_present = true; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(cfg_info.mtu, p); break; case L2CAP_CFG_TYPE_FLUSH_TOUT: cfg_info.flush_to_present = true; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(cfg_info.flush_to, p); break; case L2CAP_CFG_TYPE_QOS: cfg_info.qos_present = true; if (p + 2 + 5 * 4 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.qos.qos_flags, p); STREAM_TO_UINT8(cfg_info.qos.service_type, p); STREAM_TO_UINT32(cfg_info.qos.token_rate, p); Loading @@ -570,6 +588,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCR: cfg_info.fcr_present = true; if (p + 3 + 3 * 2 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.fcr.mode, p); STREAM_TO_UINT8(cfg_info.fcr.tx_win_sz, p); STREAM_TO_UINT8(cfg_info.fcr.max_transmit, p); Loading @@ -580,11 +599,13 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCS: cfg_info.fcs_present = true; if (p + 1 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.fcs, p); break; case L2CAP_CFG_TYPE_EXT_FLOW: cfg_info.ext_flow_spec_present = true; if (p + 2 + 2 + 3 * 4 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.ext_flow_spec.id, p); STREAM_TO_UINT8(cfg_info.ext_flow_spec.stype, p); STREAM_TO_UINT16(cfg_info.ext_flow_spec.max_sdu_size, p); Loading Loading @@ -616,6 +637,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_DISC_REQ: { uint16_t lcid, rcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(lcid, p); STREAM_TO_UINT16(rcid, p); Loading @@ -633,6 +655,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_DISC_RSP: { uint16_t lcid, rcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(rcid, p); STREAM_TO_UINT16(lcid, p); Loading Loading @@ -662,6 +685,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_INFO_REQ: { uint16_t info_type; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(info_type, p); l2cu_send_peer_info_rsp(p_lcb, id, info_type); break; Loading @@ -675,6 +699,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { } uint16_t info_type, result; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(info_type, p); STREAM_TO_UINT16(result, p); Loading @@ -682,6 +707,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { if ((info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE) && (result == L2CAP_INFO_RESP_RESULT_SUCCESS)) { if (p + 4 > p_next_cmd) return; STREAM_TO_UINT32(p_lcb->peer_ext_fea, p); #if (L2CAP_NUM_FIXED_CHNLS > 0) Loading Loading
system/stack/l2cap/l2c_main.cc +26 −0 Original line number Diff line number Diff line Loading @@ -321,9 +321,11 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { switch (cmd_code) { case L2CAP_CMD_REJECT: uint16_t rej_reason; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(rej_reason, p); if (rej_reason == L2CAP_CMD_REJ_MTU_EXCEEDED) { uint16_t rej_mtu; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(rej_mtu, p); /* What to do with the MTU reject ? We have negotiated an MTU. For now * we will ignore it and let a higher protocol timeout take care of it Loading @@ -333,6 +335,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { } if (rej_reason == L2CAP_CMD_REJ_INVALID_CID) { uint16_t lcid, rcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(rcid, p); STREAM_TO_UINT16(lcid, p); Loading Loading @@ -368,6 +371,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_CONN_REQ: { uint16_t rcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(con_info.psm, p); STREAM_TO_UINT16(rcid, p); tL2C_RCB* p_rcb = l2cu_find_rcb_by_psm(con_info.psm); Loading Loading @@ -401,6 +405,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_CONN_RSP: { uint16_t lcid; if (p + 8 > p_next_cmd) return; STREAM_TO_UINT16(con_info.remote_cid, p); STREAM_TO_UINT16(lcid, p); STREAM_TO_UINT16(con_info.l2cap_result, p); Loading Loading @@ -434,6 +439,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { uint16_t cfg_rej_len = 0; uint16_t lcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(lcid, p); STREAM_TO_UINT16(cfg_info.flags, p); Loading @@ -445,22 +451,26 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { while (p < p_cfg_end) { uint8_t cfg_code, cfg_len; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT8(cfg_code, p); STREAM_TO_UINT8(cfg_len, p); switch (cfg_code & 0x7F) { case L2CAP_CFG_TYPE_MTU: cfg_info.mtu_present = true; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(cfg_info.mtu, p); break; case L2CAP_CFG_TYPE_FLUSH_TOUT: cfg_info.flush_to_present = true; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(cfg_info.flush_to, p); break; case L2CAP_CFG_TYPE_QOS: cfg_info.qos_present = true; if (p + 2 + 5 * 4 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.qos.qos_flags, p); STREAM_TO_UINT8(cfg_info.qos.service_type, p); STREAM_TO_UINT32(cfg_info.qos.token_rate, p); Loading @@ -472,6 +482,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCR: cfg_info.fcr_present = true; if (p + 3 + 3 * 2 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.fcr.mode, p); STREAM_TO_UINT8(cfg_info.fcr.tx_win_sz, p); STREAM_TO_UINT8(cfg_info.fcr.max_transmit, p); Loading @@ -482,11 +493,13 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCS: cfg_info.fcs_present = true; if (p + 1 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.fcs, p); break; case L2CAP_CFG_TYPE_EXT_FLOW: cfg_info.ext_flow_spec_present = true; if (p + 2 + 2 + 3 * 4 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.ext_flow_spec.id, p); STREAM_TO_UINT8(cfg_info.ext_flow_spec.stype, p); STREAM_TO_UINT16(cfg_info.ext_flow_spec.max_sdu_size, p); Loading Loading @@ -533,6 +546,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_CONFIG_RSP: { uint8_t* p_cfg_end = p + cmd_len; uint16_t lcid; if (p + 6 > p_next_cmd) return; STREAM_TO_UINT16(lcid, p); STREAM_TO_UINT16(cfg_info.flags, p); STREAM_TO_UINT16(cfg_info.result, p); Loading @@ -543,22 +557,26 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { while (p < p_cfg_end) { uint8_t cfg_code, cfg_len; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT8(cfg_code, p); STREAM_TO_UINT8(cfg_len, p); switch (cfg_code & 0x7F) { case L2CAP_CFG_TYPE_MTU: cfg_info.mtu_present = true; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(cfg_info.mtu, p); break; case L2CAP_CFG_TYPE_FLUSH_TOUT: cfg_info.flush_to_present = true; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(cfg_info.flush_to, p); break; case L2CAP_CFG_TYPE_QOS: cfg_info.qos_present = true; if (p + 2 + 5 * 4 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.qos.qos_flags, p); STREAM_TO_UINT8(cfg_info.qos.service_type, p); STREAM_TO_UINT32(cfg_info.qos.token_rate, p); Loading @@ -570,6 +588,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCR: cfg_info.fcr_present = true; if (p + 3 + 3 * 2 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.fcr.mode, p); STREAM_TO_UINT8(cfg_info.fcr.tx_win_sz, p); STREAM_TO_UINT8(cfg_info.fcr.max_transmit, p); Loading @@ -580,11 +599,13 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CFG_TYPE_FCS: cfg_info.fcs_present = true; if (p + 1 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.fcs, p); break; case L2CAP_CFG_TYPE_EXT_FLOW: cfg_info.ext_flow_spec_present = true; if (p + 2 + 2 + 3 * 4 > p_next_cmd) return; STREAM_TO_UINT8(cfg_info.ext_flow_spec.id, p); STREAM_TO_UINT8(cfg_info.ext_flow_spec.stype, p); STREAM_TO_UINT16(cfg_info.ext_flow_spec.max_sdu_size, p); Loading Loading @@ -616,6 +637,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_DISC_REQ: { uint16_t lcid, rcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(lcid, p); STREAM_TO_UINT16(rcid, p); Loading @@ -633,6 +655,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_DISC_RSP: { uint16_t lcid, rcid; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(rcid, p); STREAM_TO_UINT16(lcid, p); Loading Loading @@ -662,6 +685,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { case L2CAP_CMD_INFO_REQ: { uint16_t info_type; if (p + 2 > p_next_cmd) return; STREAM_TO_UINT16(info_type, p); l2cu_send_peer_info_rsp(p_lcb, id, info_type); break; Loading @@ -675,6 +699,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { } uint16_t info_type, result; if (p + 4 > p_next_cmd) return; STREAM_TO_UINT16(info_type, p); STREAM_TO_UINT16(result, p); Loading @@ -682,6 +707,7 @@ static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { if ((info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE) && (result == L2CAP_INFO_RESP_RESULT_SUCCESS)) { if (p + 4 > p_next_cmd) return; STREAM_TO_UINT32(p_lcb->peer_ext_fea, p); #if (L2CAP_NUM_FIXED_CHNLS > 0) Loading
