Bluetooth: L2CAP: Fix errors during L2CAP_CREDIT_BASED_CONNECTION_REQ (0x17)

Fix 2 typos in L2CAP_CREDIT_BASED_CONNECTION_REQ (0x17) handling function, that
cause BlueZ answer with L2CAP_CR_LE_INVALID_PARAMS or L2CAP_CR_LE_INVALID_SCID
error on a correct ECRED connection request.

Enchanced Credit Based Mode support was recently introduced with the commit
15f02b91056253e8cdc592888f431da0731337b8 ("Bluetooth: L2CAP: Add initial code
for Enhanced Credit Based Mode").

Signed-off-by: Konstantin Forostyan <konstantin.forostyan@peiker-cee.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index fd9d0d0..fe913a5 100644 (file)
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -5927,7 +5927,7 @@ static inline int l2cap_ecred_conn_req(struct l2cap_conn *conn,
        if (!enable_ecred)
                return -EINVAL;
 
-       if (cmd_len < sizeof(*req) || cmd_len - sizeof(*req) % sizeof(u16)) {
+       if (cmd_len < sizeof(*req) || (cmd_len - sizeof(*req)) % sizeof(u16)) {
                result = L2CAP_CR_LE_INVALID_PARAMS;
                goto response;
        }
@@ -5964,7 +5964,7 @@ static inline int l2cap_ecred_conn_req(struct l2cap_conn *conn,
        }
 
        result = L2CAP_CR_LE_SUCCESS;
-       cmd_len -= sizeof(req);
+       cmd_len -= sizeof(*req);
        num_scid = cmd_len / sizeof(u16);
 
        for (i = 0; i < num_scid; i++) {