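--- a/l2cap.c	(e501bae08349e058caa4648e0af3dd01cbd89d20)
+++ b/l2cap.c	(eaeabfda24ba4bfc50576d6e6c6b01fa8a7d821c)
@@ -1,8 +1,8 @@
 /*
 * Copyright (C) 2014 BlueKitchen GmbH
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
@@ -3122,29 +3122,29 @@
 #ifdef ENABLE_CLASSIC
 l2cap_channel_t * l2cap_channel;
 l2cap_fixed_channel_t * l2cap_fixed_channel;
 
 uint16_t channel_id = READ_L2CAP_CHANNEL_ID(packet);
 switch (channel_id) {
 
 case L2CAP_CID_SIGNALING: {
-uint16_t command_offset = 8;
-while (command_offset < size) {
+uint32_t command_offset = 8;
+while ((command_offset + L2CAP_SIGNALING_COMMAND_DATA_OFFSET) < size) {
 // assert signaling command is fully inside packet
 uint16_t data_len = little_endian_read_16(packet, command_offset + L2CAP_SIGNALING_COMMAND_LENGTH_OFFSET);
-uint32_t next_command_offset = ((uint32_t) command_offset) + L2CAP_SIGNALING_COMMAND_DATA_OFFSET + data_len;
+uint32_t next_command_offset = command_offset + L2CAP_SIGNALING_COMMAND_DATA_OFFSET + data_len;
 if (next_command_offset > size){
 log_error("l2cap signaling command len invalid -> drop");
 break;
 }
 // handle signaling command
 l2cap_signaling_handler_dispatch(handle, &packet[command_offset]);
 // go to next command
-command_offset = (uint16_t) next_command_offset;
+command_offset = next_command_offset;
 }
 break;
 }
 case L2CAP_CID_CONNECTIONLESS_CHANNEL:
 l2cap_fixed_channel = l2cap_fixed_channel_for_channel_id(L2CAP_CID_CONNECTIONLESS_CHANNEL);
 if (!l2cap_fixed_channel) break;
 if (!l2cap_fixed_channel->packet_handler) break;
 (*l2cap_fixed_channel->packet_handler)(UCD_DATA_PACKET, handle, &packet[COMPLETE_L2CAP_HEADER], size-COMPLETE_L2CAP_HEADER);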
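Review bot: The new loop guard `(command_offset + L2CAP_SIGNALING_COMMAND_DATA_OFFSET) < size` uses a strict comparison, so a final command that is header-only (data length 0, for example an Echo Request without payload) and ends exactly at `size` never enters the loop and is silently skipped; this assumes L2CAP_SIGNALING_COMMAND_DATA_OFFSET equals the command header length, which is defined outside this view. The length-field read stays in bounds with `while ((command_offset + L2CAP_SIGNALING_COMMAND_DATA_OFFSET) <= size) {`, and the existing `next_command_offset > size` check still rejects commands that overrun the packet. Trailing bytes shorter than a header now end the loop without the `log_error` that the invalid-length path emits, so truncated or malformed signaling PDUs leave no trace in the logs; a log line after the loop when `command_offset != size` would cover that. The enclosing function begins and ends outside the displayed lines, and `l2cap_signaling_handler_dispatch` receives no remaining-length argument, so its own per-command field checks could not be verified here.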