mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-02-23 00:39:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

l2cap: avoid read-after-free on decline of incoming connection with ERTM enabled

Browse Source
This commit is contained in:
Matthias Ringwald 2020-01-13 16:38:13 +01:00
parent 44b583f519
commit 75e67d8a2b
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
## [Unreleased] ## [Unreleased]
### Fixed ### Fixed
- L2CAP ERTM: avoid read-after-free on decline of incoming connection
### Added ### Added
- att_db_util: provide GATT Database Hash via att_db_util_hash_calc - att_db_util: provide GATT Database Hash via att_db_util_hash_calc

3
src/l2cap.c
View File

@ -1580,6 +1580,7 @@ static void l2cap_run(void){
// discard channel - l2cap_finialize_channel_close without sending l2cap close event // discard channel - l2cap_finialize_channel_close without sending l2cap close event
btstack_linked_list_iterator_remove(&it); btstack_linked_list_iterator_remove(&it);
l2cap_free_channel_entry(channel); l2cap_free_channel_entry(channel);
channel = NULL;
break; break;
case L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_ACCEPT: case L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_ACCEPT:
@ -1676,7 +1677,7 @@ static void l2cap_run(void){
#ifdef ENABLE_L2CAP_ENHANCED_RETRANSMISSION_MODE #ifdef ENABLE_L2CAP_ENHANCED_RETRANSMISSION_MODE
// handle channel finalize on L2CAP_STATE_WILL_SEND_DISCONNECT_RESPONSE // handle channel finalize on L2CAP_STATE_WILL_SEND_DISCONNECT_RESPONSE and L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_DECLINE
if (!channel) continue; if (!channel) continue;
// ERTM mode // ERTM mode