From d5e694a307896819988f35501987d8e983527701 Mon Sep 17 00:00:00 2001
From: Matthias Ringwald <matthias@ringwald.ch>
Date: Wed, 17 Jan 2018 12:05:42 +0100
Subject: [PATCH] l2cap: fix parsing of CONNECTION_PARAMETER_UPDATE_REQUEST

---
 src/l2cap.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/l2cap.c b/src/l2cap.c
index e259b0a1c..8c3371130 100644
--- a/src/l2cap.c
+++ b/src/l2cap.c
@@ -2765,10 +2765,10 @@ static int l2cap_le_signaling_handler_dispatch(hci_con_handle_t handle, uint8_t
                 int update_parameter = 1;
                 le_connection_parameter_range_t existing_range;
                 gap_get_connection_parameter_range(&existing_range);
-                uint16_t le_conn_interval_min = little_endian_read_16(command,8);
-                uint16_t le_conn_interval_max = little_endian_read_16(command,10);
-                uint16_t le_conn_latency = little_endian_read_16(command,12);
-                uint16_t le_supervision_timeout = little_endian_read_16(command,14);
+                uint16_t le_conn_interval_min   = little_endian_read_16(command,L2CAP_SIGNALING_COMMAND_DATA_OFFSET);
+                uint16_t le_conn_interval_max   = little_endian_read_16(command,L2CAP_SIGNALING_COMMAND_DATA_OFFSET+2);
+                uint16_t le_conn_latency        = little_endian_read_16(command,L2CAP_SIGNALING_COMMAND_DATA_OFFSET+4);
+                uint16_t le_supervision_timeout = little_endian_read_16(command,L2CAP_SIGNALING_COMMAND_DATA_OFFSET+6);
 
                 if (le_conn_interval_min < existing_range.le_conn_interval_min) update_parameter = 0;
                 if (le_conn_interval_max > existing_range.le_conn_interval_max) update_parameter = 0;