lib: Add range check for SDP_SVC_ATTR_RSP/SDP_SVC_SEARCH_ATTR_RSP

According to the SDP spec, the byte count fields for these PDUs have a valid
range of 0x0002-0xFFFF.
Anderson Lizardo 2013-02-03 21:20:44 -04:00 committed by Johan Hedberg
parent 870fe03a79
commit 1796f00e84


@ -4169,6 +4169,14 @@ int sdp_process(sdp_session_t *session)
rsp_count = bt_get_be16(pdata);
SDPDBG("Attrlist byte count : %d\n", rsp_count);
/* Valid range for rsp_count is 0x0002-0xFFFF */
if (rsp_count < 0x0002) {
t->err = EPROTO;
SDPERR("Protocol error: invalid AttrList size");
status = SDP_INVALID_PDU_SIZE;
goto end;
}
/*
* Number of bytes in the AttributeLists parameter(without
* continuation state) + AttributeListsByteCount field size.
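Review bot: The new `if (rsp_count < 0x0002)` guard checks the peer-supplied byte count only against the spec minimum, not against the number of bytes actually received in the response. A count larger than the received payload passes this check, and the comment that follows suggests rsp_count is next used to compute a length. Whether a later comparison bounds it is not visible here, since sdp_process starts and ends outside the hunk. If none exists, the bound belongs next to this check; at minimum I would record the assumption with `/* rsp_count is peer-controlled: it must also be checked against the received PDU length before it is used as a size */`. Logging the rejected value would also help when triaging malformed responses, e.g. `SDPERR("Protocol error: invalid AttrList size %u", rsp_count);`.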