Skip to content
Commit a8f47a11 authored by Thomas Stenersen's avatar Thomas Stenersen Committed by Johan Hedberg
Browse files

Bluetooth: host: Support fragmented L2CAP header 



Fixes issue #26900.

A controller may fragment an L2CAP SDUs in any way it sees fit,
including fragmenting the L2CAP header. Likewise, the receiving
controller may send the fragmented header as ACL data to the host.

The Zephyr host assumed that a `BT_ACL_START` was at least 2 bytes long,
and consequently read the two-byte length field from the buffer without
length checks.

This commit allows the `BT_ACL_START` to be less than two bytes,
updating the `conn->rx_len` onces the `BT_ACL_CONT` with the remaining
part of the length field has been received.

Signed-off-by: default avatarThomas Stenersen <thomas.stenersen@nordicsemi.no>
parent cccfea24
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment

CRA Git | Maintained and supported by SUSTech CRA and CCSE