---
yaml
---
r: 45398
b: refs/heads/master
c: f477756
h: refs/heads/master
v: v3
Marcel Holtmann authored and David S. Miller committed Jan 9, 2007
1 parent 3861698 commit 2ec58fb
Showing 2 changed files with 34 additions and 7 deletions.
2 changes: 1 addition & 1 deletion [refs]
@@ -1,2 +1,2 @@
---
refs/heads/master: d2e7543c41755f4ec75385536b109d5f084fe734
refs/heads/master: f4777569204cb59f2f04fbe9ef4e9a6918209104
39 changes: 33 additions & 6 deletions trunk/net/bluetooth/cmtp/capi.c
Expand Up @@ -196,6 +196,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s

switch (CAPIMSG_SUBCOMMAND(skb->data)) {
case CAPI_CONF:
if (skb->len < CAPI_MSG_BASELEN + 10)
break;

func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5);
info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8);

Expand Down Expand Up @@ -226,6 +229,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
break;

case CAPI_FUNCTION_GET_PROFILE:
if (skb->len < CAPI_MSG_BASELEN + 11 + sizeof(capi_profile))
break;

controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11);
msgnum = CAPIMSG_MSGID(skb->data);

Expand All @@ -246,17 +252,26 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
break;

case CAPI_FUNCTION_GET_MANUFACTURER:
if (skb->len < CAPI_MSG_BASELEN + 15)
break;

controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10);

if (!info && ctrl) {
int len = min_t(uint, CAPI_MANUFACTURER_LEN,
skb->data[CAPI_MSG_BASELEN + 14]);

memset(ctrl->manu, 0, CAPI_MANUFACTURER_LEN);
strncpy(ctrl->manu,
skb->data + CAPI_MSG_BASELEN + 15,
skb->data[CAPI_MSG_BASELEN + 14]);
skb->data + CAPI_MSG_BASELEN + 15, len);
}

break;

case CAPI_FUNCTION_GET_VERSION:
if (skb->len < CAPI_MSG_BASELEN + 32)
break;

controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);

if (!info && ctrl) {
Expand All @@ -269,13 +284,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
break;

case CAPI_FUNCTION_GET_SERIAL_NUMBER:
if (skb->len < CAPI_MSG_BASELEN + 17)
break;

controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);

if (!info && ctrl) {
int len = min_t(uint, CAPI_SERIAL_LEN,
skb->data[CAPI_MSG_BASELEN + 16]);

memset(ctrl->serial, 0, CAPI_SERIAL_LEN);
strncpy(ctrl->serial,
skb->data + CAPI_MSG_BASELEN + 17,
skb->data[CAPI_MSG_BASELEN + 16]);
skb->data + CAPI_MSG_BASELEN + 17, len);
}

break;
Expand All @@ -284,14 +304,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
break;

case CAPI_IND:
if (skb->len < CAPI_MSG_BASELEN + 6)
break;

func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3);

if (func == CAPI_FUNCTION_LOOPBACK) {
int len = min_t(uint, skb->len - CAPI_MSG_BASELEN - 6,
skb->data[CAPI_MSG_BASELEN + 5]);
appl = CAPIMSG_APPID(skb->data);
msgnum = CAPIMSG_MSGID(skb->data);
cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func,
skb->data + CAPI_MSG_BASELEN + 6,
skb->data[CAPI_MSG_BASELEN + 5]);
skb->data + CAPI_MSG_BASELEN + 6, len);
}

break;
Expand All @@ -309,6 +333,9 @@ void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb)

BT_DBG("session %p skb %p len %d", session, skb, skb->len);

if (skb->len < CAPI_MSG_BASELEN)
return;

if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) {
cmtp_recv_interopmsg(session, skb);
return;
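Review bot: In the CAPI_FUNCTION_GET_MANUFACTURER and CAPI_FUNCTION_GET_SERIAL_NUMBER cases the new `len` is clamped to the destination size (`CAPI_MANUFACTURER_LEN`, `CAPI_SERIAL_LEN`) but not to the bytes actually present in the skb, so the `strncpy` source can still run past `skb->len` when the peer-supplied length byte at offset 14 (or 16) claims more data than was received. The added guards only prove that the fixed part up to offset 15 (or 17) exists. The CAPI_IND loopback case in this same section already bounds its length by `skb->len - CAPI_MSG_BASELEN - 6`; the same pattern fits here, for example `len = min_t(uint, len, skb->len - CAPI_MSG_BASELEN - 15);` after the existing `min_t` (and `- 17` for the serial number). Separately, when `len` equals the full field size the copy leaves `ctrl->manu` / `ctrl->serial` without a terminating NUL, which matters only if consumers treat these fields as C strings; that is not visible from here. The body of cmtp_recv_interopmsg starts and ends outside the shown hunks.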
