Hi Johan,

> I've pushed the six other patches upstream, but I'm still a bit
> concerned with this one.
>

Thanks :)

>
> Then, a more general concern about this function. It will receive data
> as input that any nearby device that's discoverable has declared in
> their EIR data. I.e. we need to be super strict about checking the
> validity of the data and not make any assumptions about the correctness
> of encoded field lengths etc. in order not to do buffer overflows. Have
> you taken this into account when designing the function? Looking at it
> it seems it might be possible to give it data that will cause some
> buffer overflows (by e.g. placing a uuid list at the very end of the EIR
> data with an invalid field length value).
>

I agree. Adding a few more checks there. Will send a new patch today.

Inga
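
The strict field-length checking discussed in this thread, as an added example that is not part of the original messages or of the patch under review: a C routine that walks EIR data (length byte, type byte, payload) and refuses any field whose declared length runs past the end of the buffer. The function name, the constant names and the caller-supplied output array are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define EIR_UUID16_SOME 0x02  /* incomplete list of 16-bit service UUIDs */
#define EIR_UUID16_ALL  0x03  /* complete list of 16-bit service UUIDs */

/*
 * Hypothetical helper (not the function under review): collect 16-bit UUIDs
 * from untrusted EIR data. Returns the number of UUIDs stored in out[], or
 * -1 if a field is malformed (length past the buffer, or a truncated UUID).
 */
int eir_collect_uuid16(const uint8_t *eir, size_t eir_len,
                       uint16_t *out, size_t out_max)
{
    size_t pos = 0, count = 0;

    while (pos < eir_len) {
        size_t field_len = eir[pos];    /* covers the type byte + payload */

        if (field_len == 0)             /* zero length ends the used part */
            break;
        /* The whole field must fit in what remains after the length byte. */
        if (field_len > eir_len - pos - 1)
            return -1;

        uint8_t type = eir[pos + 1];
        const uint8_t *data = eir + pos + 2;
        size_t data_len = field_len - 1;

        if (type == EIR_UUID16_SOME || type == EIR_UUID16_ALL) {
            if (data_len % 2 != 0)      /* truncated UUID entry */
                return -1;
            for (size_t i = 0; i < data_len; i += 2) {
                if (count >= out_max)   /* never write past the caller's array */
                    return (int)count;
                /* UUIDs are little-endian on the wire */
                out[count++] = (uint16_t)(data[i] | (data[i + 1] << 8));
            }
        }
        pos += field_len + 1;           /* advance by length byte + field */
    }
    return (int)count;
}
```

The bounds check is written as a subtraction from the remaining length rather than as `pos + field_len > eir_len`, so it stays correct without relying on the sum not wrapping.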