Bluetooth: Correct length calc in L2CAP conf rsp
authorAndrei Emeltchenko <andrei.emeltchenko@intel.com>
Mon, 12 Mar 2012 10:13:07 +0000 (12:13 +0200)
committerGustavo Padovan <gustavo@padovan.org>
Wed, 9 May 2012 03:41:31 +0000 (00:41 -0300)
cmd->len is in le format so convert it to host format before use.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
net/bluetooth/l2cap_core.c

index 7b8a88f..0914cca 100644 (file)
@@ -2957,14 +2957,14 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
        struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
        u16 scid, flags, result;
        struct l2cap_chan *chan;
-       int len = cmd->len - sizeof(*rsp);
+       int len = le16_to_cpu(cmd->len) - sizeof(*rsp);
 
        scid   = __le16_to_cpu(rsp->scid);
        flags  = __le16_to_cpu(rsp->flags);
        result = __le16_to_cpu(rsp->result);
 
-       BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
-                       scid, flags, result);
+       BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x len %d", scid, flags,
+              result, len);
 
        chan = l2cap_get_chan_by_scid(conn, scid);
        if (!chan)