Hi Johan,
> When we have an LE link we should not respond to any data on the BR/EDR
> L2CAP signaling channel (0x0001) and vice-versa when we have a BR/EDR
> link we should not respond to LE L2CAP (CID 0x0005) signaling commands.
> This patch fixes this issue by checking for a valid link type and
> ignores data if it is wrong.
>
> Signed-off-by: Johan Hedberg <johan.hedberg@xxxxxxxxx>
> ---
> net/bluetooth/l2cap_core.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
Acked-by: Marcel Holtmann <marcel@xxxxxxxxxxxx>
> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
> index ea3792f..1d03644 100644
> --- a/net/bluetooth/l2cap_core.c
> +++ b/net/bluetooth/l2cap_core.c
> @@ -5297,6 +5297,7 @@ static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
> static inline void l2cap_le_sig_channel(struct l2cap_conn *conn,
> struct sk_buff *skb)
> {
> + struct hci_conn *hcon = conn->hcon;
> u8 *data = skb->data;
> int len = skb->len;
> struct l2cap_cmd_hdr cmd;
> @@ -5304,6 +5305,9 @@ static inline void l2cap_le_sig_channel(struct l2cap_conn *conn,
>
> l2cap_raw_recv(conn, skb);
>
> + if (hcon->type != LE_LINK)
> + return;
> +
However I do have a question here. Can we just drop the packet or should we even in this case return invalid CID. What does the core spec. recommend in this case?
Regards
Marcel
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
