Byte cnt range min 0x07 per Core v2.1, sec 4.61 for TP/SERVER/SA/BI-02-C
---
src/sdpd-request.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/src/sdpd-request.c b/src/sdpd-request.c
index 8547939..205b27b 100644
--- a/src/sdpd-request.c
+++ b/src/sdpd-request.c
@@ -684,6 +684,15 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
 SDPDBG("max_rsp_size : %d", max_rsp_size);
 
 /*
+ * Check that max_rsp_size is within valid range
+ * a minimum size of 0x0007 has to be used for data field
+ */
+ if (max_rsp_size < 0x0007) {
+ status = SDP_INVALID_SYNTAX;
+ goto done;
+ }
+
+ /*
 * Calculate Attribute size acording to MTU
 * We can send only (MTU - sizeof(sdp_pdu_hdr_t) - sizeof(sdp_cont_state_t))
 */
--
1.7.2.2
--
Angela Bartholomaus Sent by an employee of the Qualcomm Innovation Center, Inc. The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum.
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
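Review bot: The lower bound in `if (max_rsp_size < 0x0007)` is a bare literal, and the comment above it does not say where the limit comes from or that `max_rsp_size` appears to be taken from the incoming request rather than computed locally. I would give the bound a name (for example `#define SDP_MIN_ATTR_BYTE_COUNT 0x0007`, name constructed here) and word the comment along the lines of `/* max_rsp_size comes from the request; the SDP spec requires at least 0x0007, so reject smaller values as a syntax error */`. The commit message cites Core v2.1 sec 4.61 and TP/SERVER/SA/BI-02-C, and carrying that reference into the comment would keep the reason next to the check. If another request handler in this file parses the same byte-count field, it presumably needs the same bound; that code is outside this hunk, so please confirm. The body of service_attr_req starts and ends outside the hunk, so what the `done` label releases on this early exit is not visible here.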