diff options
author | Andrei Emeltchenko <andrei.emeltchenko@intel.com> | 2012-05-29 13:59:12 +0300 |
---|---|---|
committer | Johan Hedberg <johan.hedberg@intel.com> | 2012-06-05 06:34:13 +0300 |
commit | a28381dc9ca3e54b0678e2cd7c68c1afb2d7cc76 (patch) | |
tree | de2a390f7515578fea1421039c9efe256ed48f41 | |
parent | 47f2d97d38816aaca94c9b6961c6eff1cfcd0bd6 (diff) | |
download | op-kernel-dev-a28381dc9ca3e54b0678e2cd7c68c1afb2d7cc76.zip op-kernel-dev-a28381dc9ca3e54b0678e2cd7c68c1afb2d7cc76.tar.gz |
Bluetooth: A2MP: Process A2MP Get AMP Assoc Request
Example trace when receiving AMP Assoc Request with wrong AMP id.
...
> ACL data: handle 11 flags 0x02 dlen 13
A2MP: Get AMP Assoc req: id 238
< ACL data: handle 11 flags 0x00 dlen 14
A2MP: Get AMP Assoc rsp: id 238 status (1) Invalid Controller ID
assoc data:
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-rw-r--r-- | net/bluetooth/a2mp.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c index 350088e..b8eeb33 100644 --- a/net/bluetooth/a2mp.c +++ b/net/bluetooth/a2mp.c @@ -211,6 +211,38 @@ static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb, return 0; } +static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb, + struct a2mp_cmd *hdr) +{ + struct a2mp_amp_assoc_req *req = (void *) skb->data; + struct hci_dev *hdev; + + if (le16_to_cpu(hdr->len) < sizeof(*req)) + return -EINVAL; + + BT_DBG("id %d", req->id); + + hdev = hci_dev_get(req->id); + if (!hdev || hdev->amp_type == HCI_BREDR) { + struct a2mp_amp_assoc_rsp rsp; + rsp.id = req->id; + rsp.status = A2MP_STATUS_INVALID_CTRL_ID; + + a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, hdr->ident, sizeof(rsp), + &rsp); + goto clean; + } + + /* Placeholder for HCI Read AMP Assoc */ + +clean: + if (hdev) + hci_dev_put(hdev); + + skb_pull(skb, sizeof(*req)); + return 0; +} + /* Handle A2MP signalling */ static int a2mp_chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) { @@ -253,6 +285,9 @@ static int a2mp_chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) break; case A2MP_GETAMPASSOC_REQ: + err = a2mp_getampassoc_req(mgr, skb, hdr); + break; + case A2MP_CREATEPHYSLINK_REQ: case A2MP_DISCONNPHYSLINK_REQ: case A2MP_CHANGE_RSP: |