This patch implements discard of obviously malformed GATT notification/indication PDUs.
---
 attrib/client.c | 9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/attrib/client.c b/attrib/client.c
index 0f9ba3e..dc7ee8b 100644
--- a/attrib/client.c
+++ b/attrib/client.c
@@ -272,9 +272,16 @@ static void events_handler(const uint8_t *pdu, uint16_t len,
 struct primary *prim;
 GSList *lprim, *lchr;
 uint8_t opdu[ATT_MAX_MTU];
- guint handle = att_get_u16(&pdu[1]);
+ guint handle;
 uint16_t olen;
+ if (len < 3) {
+ DBG("Malformed notif/indic packet (opcode %x)", pdu[0]);
+ return;
+ }
+
+ handle = att_get_u16(&pdu[1]);
+
 for (lprim = gatt->primary, prim = NULL, chr = NULL; lprim; lprim = lprim->next) {
 prim = lprim->data;
--
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
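Review bot: The new length guard reads `pdu[0]` inside its DBG() call before anything has established that len is at least 1, so a zero-length PDU (if the caller can deliver one; that is not visible here) would be read out of bounds by the very check meant to reject it. Logging the length instead avoids the dereference: `DBG("Malformed notif/indic packet (len %d)", len);`. The literal 3 would also be easier to audit with a comment such as `/* opcode (1 byte) + attribute handle (2 bytes) */`. The guard only covers the handle field, and the rest of events_handler lies outside this hunk, so any later use of len (for example when filling opdu) should be confirmed separately.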