korg/bluez
0
0
Fork 0
mirror of https://git.kernel.org/pub/scm/bluetooth/bluez.git synced 2024-11-16 00:34:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

emulator/bthost: Check length of received RFCOMM DISC frame

Browse Source 
Don't access rfcomm_hdr struct and ignore if frame is too short.
This commit is contained in:
Marcin Kraglak 2014-02-11 11:50:59 +01:00 committed by Johan Hedberg
parent b2b4716b3c
commit fba18071c6
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
emulator/bthost.c
View File

@ -1604,7 +1604,12 @@ static void rfcomm_disc_recv(struct bthost *bthost, struct btconn *conn,
uint16_t len)
{
const struct rfcomm_cmd *hdr = data;
uint8_t dlci = RFCOMM_GET_DLCI(hdr->address);
uint8_t dlci;
if (len < sizeof(*hdr))
return;
dlci = RFCOMM_GET_DLCI(hdr->address);
rfcomm_ua_send(bthost, conn, l2conn, 0, dlci);
}