summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrei Emeltchenko <andrei.emeltchenko@nokia.com>2011-03-25 12:31:41 +0300
committerGustavo F. Padovan <padovan@profusion.mobi>2011-03-31 21:22:58 +0400
commite90165be9a4d6a1e8fa632fcae00a5294abd3981 (patch)
tree4bd658a68194912fa82b2c7241ef065a1d4940b4
parentd1010240fa9aac93da56a683c1295e759ee69d10 (diff)
downloadlinux-e90165be9a4d6a1e8fa632fcae00a5294abd3981.tar.xz
Bluetooth: check L2CAP info_rsp ident and state
Information requests/responses are unbound to L2CAP channel. Patch fixes issue arising when two devices connects at the same time to each other. This way we do not process out of the context messages. We are safe dropping info_rsp since info_timer is left running. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
-rw-r--r--net/bluetooth/l2cap_core.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index bf09f6027bd2..033c83be3524 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -2461,6 +2461,11 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
+ /* L2CAP Info req/rsp are unbound to channels, add extra checks */
+ if (cmd->ident != conn->info_ident ||
+ conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
+ return 0;
+
del_timer(&conn->info_timer);
if (result != L2CAP_IR_SUCCESS) {