Commit f2f84a70 authored by Luiz Augusto von Dentz's avatar Luiz Augusto von Dentz
Browse files

Bluetooth: hci_conn: Fix not allowing valid CIS ID 



Only the number of CIS shall be limited to 0x1f, the CIS ID in the
other hand is up to 0xef.

Fixes: 26afbd82 ("Bluetooth: Add initial implementation of CIS connections")
Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
parent 16e3b642

net/bluetooth/hci_conn.c

+6 −3
Original line number Diff line number Diff line
@@ -1846,9 +1846,12 @@ static bool hci_le_set_cig_params(struct hci_conn *conn, struct bt_iso_qos *qos) 
		cis_add(&data, qos);

	}



	/* Reprogram all CIS(s) with the same CIG */

	for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0x11;

	     data.cis++) {

	/* Reprogram all CIS(s) with the same CIG, valid range are:

	 * num_cis: 0x00 to 0x1F

	 * cis_id: 0x00 to 0xEF

	 */

	for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0 &&

	     data.pdu.cp.num_cis < ARRAY_SIZE(data.pdu.cis); data.cis++) {

		data.count = 0;



		hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND,