Bluetooth: RFCOMM: Fix MTU calculation in rfcomm_connected

The MTU calculation in rfcomm_connected() was incorrectly adding the FCS
size instead of subtracting it.
This could lead to buffer overflows when sending data that exceeds
the actual available space.

Fix the calculation by properly subtracting both the RFCOMM header size and
the FCS size from the L2CAP MTU to get the correct RFCOMM session MTU.

Signed-off-by: Jiawei Yang <jiawei.yang_1@nxp.com>
pull/88157/merge
Jiawei Yang 2 weeks ago committed by Dan Kalowsky
parent
commit
c0b1ed0682
2
subsys/bluetooth/host/classic/rfcomm.c

@ -430,7 +430,7 @@ static void rfcomm_connected(struct bt_l2cap_chan *chan) @@ -430,7 +430,7 @@ static void rfcomm_connected(struct bt_l2cap_chan *chan)
/* Need to include UIH header and FCS*/
session->mtu = MIN(session->br_chan.rx.mtu,
session->br_chan.tx.mtu) -
BT_RFCOMM_HDR_SIZE + BT_RFCOMM_FCS_SIZE;
BT_RFCOMM_HDR_SIZE - BT_RFCOMM_FCS_SIZE;
if (session->state == BT_RFCOMM_STATE_CONNECTING) {
rfcomm_send_sabm(session, 0);
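Review bot: The subtraction on the changed line has no visible lower bound: if MIN(session->br_chan.rx.mtu, session->br_chan.tx.mtu) were ever smaller than BT_RFCOMM_HDR_SIZE + BT_RFCOMM_FCS_SIZE, the result would go negative, or wrap to a very large value if session->mtu is unsigned, which would bring back an oversized session MTU by another route. It is worth confirming that the L2CAP layer guarantees a negotiated MTU above that overhead, or guarding here before the assignment and rejecting the session otherwise. Separately, the comment above the assignment still reads "Need to include UIH header and FCS", which now says the opposite of what the code does; suggest rewording it to state that the UIH header and FCS are subtracted from the L2CAP MTU, and adding the missing space before the closing */.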
