mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-01-30 15:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

l2cap: fix buffer overflow

Browse Source
This commit is contained in:
andryblack 2018-01-21 05:45:24 +03:00
parent ff01079be9
commit f2c7079962
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/l2cap.c
View File

@ -396,7 +396,7 @@ static uint16_t l2cap_setup_options_ertm_request(l2cap_channel_t * channel, uint
config_options[pos++] = L2CAP_CONFIG_OPTION_TYPE_FRAME_CHECK_SEQUENCE;
config_options[pos++] = 1; // length
config_options[pos++] = channel->fcs_option;
return pos;
return pos; // 11+4+3=18
}
static uint16_t l2cap_setup_options_ertm_response(l2cap_channel_t * channel, uint8_t * config_options){
@ -430,7 +430,7 @@ static uint16_t l2cap_setup_options_ertm_response(l2cap_channel_t * channel, uin
config_options[pos++] = 1; // length
config_options[pos++] = channel->fcs_option;
#endif
return pos;
return pos; // 11+4=15
}
static int l2cap_ertm_send_supervisor_frame(l2cap_channel_t * channel, uint16_t control){
@ -1362,7 +1362,11 @@ static void l2cap_run(void){
#endif
#ifdef ENABLE_CLASSIC
#ifdef ENABLE_L2CAP_ENHANCED_RETRANSMISSION_MODE
uint8_t config_options[18];
#else
uint8_t config_options[10];
#endif
btstack_linked_list_iterator_init(&it, &l2cap_channels);
while (btstack_linked_list_iterator_has_next(&it)){