Commit adb08ede authored by Ville Tervo's avatar Ville Tervo Committed by Marcel Holtmann

Bluetooth: Check result code of L2CAP information response

Check result code of L2CAP information response. Otherwise
it would read invalid feature mask and access invalid memory.
Signed-off-by: default avatarVille Tervo <ville.tervo@nokia.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 63406504
...@@ -3348,6 +3348,15 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm ...@@ -3348,6 +3348,15 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
del_timer(&conn->info_timer); del_timer(&conn->info_timer);
if (result != L2CAP_IR_SUCCESS) {
conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
conn->info_ident = 0;
l2cap_conn_start(conn);
return 0;
}
if (type == L2CAP_IT_FEAT_MASK) { if (type == L2CAP_IT_FEAT_MASK) {
conn->feat_mask = get_unaligned_le32(rsp->data); conn->feat_mask = get_unaligned_le32(rsp->data);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment