Bluetooth: check L2CAP info_rsp ident and state
Information requests/responses are unbound to L2CAP channel. Patch fixes issue arising when two devices connects at the same time to each other. This way we do not process out of the context messages. We are safe dropping info_rsp since info_timer is left running. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This commit is contained in:
parent
d1010240fa
commit
e90165be9a
|
@ -2461,6 +2461,11 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
|
|||
|
||||
BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
|
||||
|
||||
/* L2CAP Info req/rsp are unbound to channels, add extra checks */
|
||||
if (cmd->ident != conn->info_ident ||
|
||||
conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
|
||||
return 0;
|
||||
|
||||
del_timer(&conn->info_timer);
|
||||
|
||||
if (result != L2CAP_IR_SUCCESS) {
|
||||
|
|
Loading…
Reference in New Issue