From: Gordon M. <gm...@us...> - 2001-04-20 17:19:07
The following file was modified in linux/drivers/char/bluetooth:
Name Old version New version Comment
---- ----------- ----------- -------
l2cap.c 1.102 1.103=20=20=20=20=20=20=20=20=20=20=20
The accompanying log:
--Mattias Agren's REAL fix for the NULL pointer dereference in process_event
The diff of the modified file(s):
--- l2cap.c 2001/04/19 14:37:33 1.102
+++ l2cap.c 2001/04/20 17:19:06 1.103
@@ -932,19 +932,20 @@
opt_len =3D rsp->len - sizeof(sig_cmdreject);
switch (cmdreject->reason) {
case 0:
- D_STATE(__FUNCTION__ ": Command not understood\n");=20
+ D_ERR(__FUNCTION__ ": Command not understood\n");=20
break;
=20=20=20=20=20=20=20=20=20=20=20=20
case 1:
- D_STATE(__FUNCTION__ ": Signalling MTU exceeded\n");
+ D_ERR(__FUNCTION__ ": Signalling MTU exceeded\n");
break;
=20=20=20=20=20=20=20=20=20=20=20=20
case 2:
- D_STATE(__FUNCTION__ ": Invalid CID in request\n");
+ D_ERR(__FUNCTION__ ": Invalid CID in request\n");
break;
=20=20=20=20=20=20=20=20=20=20=20=20
default:
- D_STATE(__FUNCTION__ ": Not recognized cmd reject reason\n");
+ D_ERR(__FUNCTION__ ": Unrecognized cmd reject "\
+ "reason\n");
break;
}
=20=09=09
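Review bot: `opt_len = rsp->len - sizeof(sig_cmdreject)` at the top of this hunk subtracts from a length taken from the received signalling packet without a visible check that `rsp->len` is at least `sizeof(sig_cmdreject)`, and the next hunk passes `rsp->len-2` to print_data in the same way. The type of opt_len is not visible here, but a short packet would make it negative or wrap it to a large value. Unless a check outside the hunk already covers this, a guard before the subtraction such as `if (rsp->len < sizeof(sig_cmdreject)) { D_ERR(__FUNCTION__ ": short command reject\n"); break; }` would protect both uses. The enclosing function and the outer switch start outside this hunk.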
@@ -952,22 +953,14 @@
print_data(__FUNCTION__ ": optional data : ",=20
cmdreject->data, rsp->len-2);
=20
- /* Find connection -- note that I'm not sure this is the right thing
- to do here. I just wanted to make sure we don't try to dereference
- a null 'con' pointer like we used to do. Mattias Agren promised
- to check in a real fix when he brings some other changes in.
- --gmcnutt (4/19/01)
- */
- if ((conrsp =3D (sig_conrsp *)rsp->data) =3D=3D NULL) {
- D_ERR(__FUNCTION__ ": no response data\n");
- return;
- }
+ /* find connection object using id field */
=20
- if ((con =3D get_lcon(conrsp->src_cid)) =3D=3D NULL) {
- D_ERR(__FUNCTION__ ": no connection\n");
- return;
- }
+ con =3D get_first_con();
+=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20
+ while (con && (con->sig_id_sent !=3D rsp->id))
+ con =3D get_next_con(con);
=20
+ if (con) {=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20
/* fixme -- set 'real' reason code */
con->c_status =3D CSTATUS_CMDREJECT;
=20=09=09
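Review bot: The new lookup `while (con && (con->sig_id_sent != rsp->id))` selects a connection by signalling identifier alone, and get_first_con()/get_next_con() appear to walk every connection rather than only those on the link this reject arrived on. The identifier is a one-octet value taken from the received packet, so a reject from one remote device can match a connection that belongs to a different device, which then gets `c_status = CSTATUS_CMDREJECT` and, in the following hunk, disable_rtx() called on it. The loop condition should also require that the connection belongs to the same link or remote address as the incoming packet, and the comment above the loop should state that requirement. The `if (con) {` opened here is closed in the following hunk, and the enclosing function starts outside this hunk.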
@@ -976,6 +969,9 @@
#ifdef CONFIG_BLUETOOTH_L2CAP_USE_TIMERS=09=09
disable_rtx(con);
#endif
+ } else
+ D_ERR(__FUNCTION__ ": Could not find an l2cap "\
+ "connection for this ID\n");
break;
=20=20=20=20=20=20=20=20
case SIG_CONRSP:
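Review bot: The added `else` branch is unbraced while its `if (con) {` branch is braced; kernel coding style asks for braces on both branches when either needs them, i.e. `} else {` and a closing `}` around the D_ERR call. The message also omits the identifier that failed to match. If D_ERR accepts printf-style arguments (not visible here), `D_ERR(__FUNCTION__ ": no l2cap connection for id %d\n", rsp->id);` would make an unexpected or unsolicited reject easier to trace in the logs. The `if` this branch belongs to opens in the previous hunk.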