mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-02-22 06:41:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

l2cap: avoid read-after-free on decline of incoming connection with ERTM enabled

Browse Source
This commit is contained in:
Matthias Ringwald 2020-01-13 16:38:13 +01:00
parent 44b583f519
commit 75e67d8a2b
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
## [Unreleased]
### Fixed
- L2CAP ERTM: avoid read-after-free on decline of incoming connection
### Added
- att_db_util: provide GATT Database Hash via att_db_util_hash_calc

5
src/l2cap.c
View File

@ -1579,7 +1579,8 @@ static void l2cap_run(void){
l2cap_send_signaling_packet(channel->con_handle, CONNECTION_RESPONSE, channel->remote_sig_id, channel->local_cid, channel->remote_cid, channel->reason, 0);
// discard channel - l2cap_finialize_channel_close without sending l2cap close event
btstack_linked_list_iterator_remove(&it);
l2cap_free_channel_entry(channel);
l2cap_free_channel_entry(channel);
channel = NULL;
break;
case L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_ACCEPT:
@ -1676,7 +1677,7 @@ static void l2cap_run(void){
#ifdef ENABLE_L2CAP_ENHANCED_RETRANSMISSION_MODE
// handle channel finalize on L2CAP_STATE_WILL_SEND_DISCONNECT_RESPONSE
// handle channel finalize on L2CAP_STATE_WILL_SEND_DISCONNECT_RESPONSE and L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_DECLINE
if (!channel) continue;
// ERTM mode