Fixed incorrect condition when comparing l2cap header length and mps/mtu

Sumeet Singh
2024-08-26 15:47:07 +08:00
committed by Rahul Tank
parent b64455b3bd
commit 71ab12e581
4 changed files with 31 additions and 7 deletions
+25 -3
@@ -208,7 +208,29 @@ ble_l2cap_reconfig(struct ble_l2cap_chan *chans[], uint8_t num, uint16_t new_mtu
}
}
return ble_l2cap_sig_coc_reconfig(conn_handle, chans, num, new_mtu);
return ble_l2cap_sig_coc_reconfig(conn_handle, chans, num, new_mtu, MYNEWT_VAL(BLE_L2CAP_COC_MPS));
}
int
ble_l2cap_reconfig_mtu_mps(struct ble_l2cap_chan *chans[], uint8_t num, uint16_t new_mtu, uint16_t new_mps)
{
int i;
uint16_t conn_handle;
if (num == 0 || !chans) {
return BLE_HS_EINVAL;
}
conn_handle = chans[0]->conn_handle;
for (i = 1; i < num; i++) {
if (conn_handle != chans[i]->conn_handle) {
BLE_HS_LOG(ERROR, "All channels should have same conn handle\n");
return BLE_HS_EINVAL;
}
}
return ble_l2cap_sig_coc_reconfig(conn_handle, chans, num, new_mtu, new_mps);
}
int
@@ -385,7 +407,7 @@ ble_l2cap_rx(struct ble_hs_conn *conn,
}
/* For CIDs from dynamic range we check if SDU size isn't larger than MPS */
if (chan->dcid >= 0x0040 && chan->dcid <= 0x007F && l2cap_hdr.len > chan->my_coc_mps) {
if (chan->dcid >= 0x0040 && chan->dcid <= 0x007F && l2cap_hdr.len > (chan->my_coc_mps + BLE_L2CAP_SDU_SZ)) {
/* Data exceeds MPS */
BLE_HS_LOG(ERROR, "error: sdu_len > chan->my_coc_mps (%d>%d)\n",
l2cap_hdr.len, chan->my_coc_mps);
@@ -399,7 +421,7 @@ ble_l2cap_rx(struct ble_hs_conn *conn,
ble_l2cap_remove_rx(conn, chan);
}
if (l2cap_hdr.len > ble_l2cap_get_mtu(chan)) {
if (l2cap_hdr.len - BLE_L2CAP_SDU_SZ > ble_l2cap_get_mtu(chan)) {
/* More data than we expected on the channel.
* Disconnect peer with invalid behaviour
*/
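Review bot: The relaxed bound `l2cap_hdr.len > (chan->my_coc_mps + BLE_L2CAP_SDU_SZ)` in ble_l2cap_rx is applied to every frame on a dynamic CID, although only the first K-frame of an SDU carries the 2-byte SDU Length field, so continuation frames may now exceed the advertised MPS by two bytes. Because `l2cap_hdr.len` comes from the peer, confirm that the receive buffers are sized for MPS plus those two bytes, or restrict the allowance to the first frame of an SDU; the hunk does not show whether the rest of the function already makes that distinction. The second check, `l2cap_hdr.len - BLE_L2CAP_SDU_SZ > ble_l2cap_get_mtu(chan)`, has no CID guard in the visible lines, so it also loosens the limit for fixed channels, which have no SDU Length field. If `len` is a 16-bit field, as the `%d` format suggests, a length below 2 makes the left side negative after promotion and passes; writing it as `if (l2cap_hdr.len > ble_l2cap_get_mtu(chan) + BLE_L2CAP_SDU_SZ) {` avoids the subtraction. The log text `sdu_len > chan->my_coc_mps (%d>%d)` no longer matches the condition it reports.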
+2
@@ -55,6 +55,7 @@ extern struct os_mempool ble_l2cap_chan_pool;
#define BLE_L2CAP_CID_BLACK_HOLE 0xffff
#define BLE_L2CAP_HDR_SZ 4
#define BLE_L2CAP_SDU_SZ 2
typedef uint8_t ble_l2cap_chan_flags;
@@ -137,6 +138,7 @@ int ble_l2cap_enhanced_connect(uint16_t conn_handle,
uint8_t num, struct os_mbuf *sdu_rx[],
ble_l2cap_event_fn *cb, void *cb_arg);
int ble_l2cap_reconfig(struct ble_l2cap_chan *chans[], uint8_t num, uint16_t new_mtu);
int ble_l2cap_reconfig_mtu_mps(struct ble_l2cap_chan *chans[], uint8_t num, uint16_t new_mtu, uint16_t new_mps);
#ifdef __cplusplus
}
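Review bot: `BLE_L2CAP_SDU_SZ` reads as the size of an SDU, while the comparisons that use it treat it as the 2-byte SDU Length field, and the define carries no comment. A line such as `/* Size of the SDU Length field at the start of the first K-frame of an SDU */` above it would keep later bounds checks from applying it to frames that have no such field. The new `ble_l2cap_reconfig_mtu_mps` prototype likewise has no comment stating the accepted range for `new_mps` or that all channels must share one connection handle.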
+2 -2
@@ -1493,7 +1493,7 @@ done:
int
ble_l2cap_sig_coc_reconfig(uint16_t conn_handle, struct ble_l2cap_chan *chans[],
uint8_t num, uint16_t new_mtu)
uint8_t num, uint16_t new_mtu, uint16_t new_mps)
{
struct ble_hs_conn *conn;
struct ble_l2cap_sig_proc *proc;
@@ -1529,7 +1529,7 @@ ble_l2cap_sig_coc_reconfig(uint16_t conn_handle, struct ble_l2cap_chan *chans[],
proc->op = BLE_L2CAP_SIG_PROC_OP_RECONFIG;
proc->reconfig.cid_cnt = num;
proc->reconfig.new_mtu = new_mtu;
proc->reconfig.new_mps = MYNEWT_VAL(BLE_L2CAP_COC_MPS);
proc->reconfig.new_mps = new_mps;
proc->id = ble_l2cap_sig_next_id();
proc->conn_handle = conn_handle;
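Review bot: `proc->reconfig.new_mps = new_mps;` now puts a caller-supplied value into the reconfigure request where a build-time constant used to be, and no range check on `new_mps` is visible in these hunks or in `ble_l2cap_reconfig_mtu_mps`. A value of 0, or one larger than the receive buffers can hold, would be advertised to the peer and presumably becomes the bound the receive path later compares peer-controlled lengths against. Consider rejecting out-of-range values before the procedure is allocated, e.g. `if (new_mps < MIN_MPS_PLACEHOLDER || new_mps > MAX_MPS_PLACEHOLDER) { return BLE_HS_EINVAL; }`, with the limits taken from the specification minimum and the buffer size actually available. The body of ble_l2cap_sig_coc_reconfig between the two hunks is not shown, so an existing check may be hidden there.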
+2 -2
@@ -154,7 +154,7 @@ int ble_l2cap_sig_ecoc_connect(uint16_t conn_handle,
uint8_t num, struct os_mbuf *sdu_rx[],
ble_l2cap_event_fn *cb, void *cb_arg);
int ble_l2cap_sig_coc_reconfig(uint16_t conn_handle, struct ble_l2cap_chan *chans[],
uint8_t num, uint16_t new_mtu);
uint8_t num, uint16_t new_mtu, uint16_t new_mps);
#else
static inline int
ble_l2cap_sig_ecoc_connect(uint16_t conn_handle,
@@ -166,7 +166,7 @@ ble_l2cap_sig_ecoc_connect(uint16_t conn_handle,
}
static inline int
ble_l2cap_sig_coc_reconfig(uint16_t conn_handle, struct ble_l2cap_chan *chans[],
uint8_t num, uint16_t new_mtu)
uint8_t num, uint16_t new_mtu, uint16_t new_mps)
{
return BLE_HS_ENOTSUP;
}