Skip to content

Commit

Permalink
Bluetooth: Fix SDU reassembly under SREJ
Browse files Browse the repository at this point in the history 
The code was reusing the control var without its reinitialization.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
  • Loading branch information
Gustavo F. Padovan authored and Marcel Holtmann committed May 10, 2010
1 parent 0041ecf commit afefdbc
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions net/bluetooth/l2cap.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3446,14 +3446,14 @@ static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 co
static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
{
struct sk_buff *skb;
u16 control = 0;
u16 control;

while((skb = skb_peek(SREJ_QUEUE(sk)))) {
if (bt_cb(skb)->tx_seq != tx_seq)
break;

skb = skb_dequeue(SREJ_QUEUE(sk));
control |= bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
l2cap_sar_reassembly_sdu(sk, skb, control);
l2cap_pi(sk)->buffer_seq_srej =
(l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
Expand Down

0 comments on commit afefdbc

Please sign in to comment.