Bluetooth: Controller: Ignore PDU with RFU field set

Ignore received Extended Advertising PDU with RFU field set
in the Common Extended Advertising Payload Format of the
PDU.

Signed-off-by: Vinayak Kariappa Chettimada <[email protected]>

Author: cvinayak

subsys/bluetooth/controller/ll_sw/pdu.h

@@ -251,9 +251,9 @@ struct pdu_adv_ext_hdr {
 	uint8_t aux_ptr:1;
 	uint8_t sync_info:1;
 	uint8_t tx_pwr:1;
-	uint8_t rfu1:1;
+	uint8_t rfu:1;
 #elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-	uint8_t rfu1:1;
+	uint8_t rfu:1;
 	uint8_t tx_pwr:1;
 	uint8_t sync_info:1;
 	uint8_t aux_ptr:1;

subsys/bluetooth/controller/ll_sw/ull_scan_aux.c

@@ -245,6 +245,15 @@ void ull_scan_aux_setup(memq_link_t *link, struct node_rx_hdr *rx)
 	}
 
 	h = (void *)p->ext_hdr_adv_data;
+
+	/* Regard PDU as invalid if a RFU field is set, we do not know the
+	 * size of this future field, hence will cause incorrect calculation of
+	 * offset to ACAD field.
+	 */
+	if (h->rfu) {
+		goto ull_scan_aux_rx_flush;
+	}
+
 	ptr = h->data;
 
 	if (h->adv_addr) {