Re: [PATCH BlueZ] Add support for parsing the remote name during LE Scan

Hi Vinicius,

On Thu, Oct 13, 2011, Vinicius Costa Gomes wrote:
> +	while (len < HCI_MAX_EIR_LENGTH - 1) {
> +		uint8_t field_len = eir_data[0];
> +
> +		/* Check for the end of EIR */
> +		if (field_len == 0)
> +			break;
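
Review bot: field_len is read from eir_data[0] and nothing after the zero check confirms that the field fits in what is left of the buffer. A field that starts at offset len covers bytes len through len + field_len, so, assuming eir_data holds HCI_MAX_EIR_LENGTH bytes, bailing out here when len + field_len >= HCI_MAX_EIR_LENGTH keeps every later read of this field inside the buffer.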

I suppose there should also be a check for:

	if (len + field_len > HCI_MAX_EIR_LENGTH)
		goto failed;

Otherwise you're gonna access past the end of the eir_data buffer when
you do the memcpy later.

> +
> +		switch (eir_data[1]) {
> +		case EIR_NAME_SHORT:
> +		case EIR_NAME_COMPLETE:
> +			if (field_len > HCI_MAX_NAME_LENGTH)
> +				goto failed;
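
Review bot: this guard on field_len is the only limit on the write into name visible in these lines, yet the size the caller has to provide for name is not stated anywhere in them. A comment on the function giving the required size of name (or a size parameter) would let the bound be checked against the buffer it protects. Note also that field_len counts the type byte, so the longest name accepted is HCI_MAX_NAME_LENGTH - 1 bytes.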

If you add the if-statement I suggested earlier you can remove this one
(since it becomes redundant).

> +
> +			memcpy(name, &eir_data[2], field_len - 1);
> +			return;
> +		}
> +
> +		len += field_len + 1;
> +		eir_data += field_len + 1;
> +	}
> +
> +failed:
> +	sprintf(name, "(unknown)");
> +	return;
> +}
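
Review bot: the memcpy in the name case copies field_len - 1 bytes and returns without writing a terminator, while the failed path leaves a NUL-terminated string via sprintf. Unless the caller zeroes name beforehand, the success path hands back an unterminated buffer; setting name[field_len - 1] = '\0' after the copy (with name sized for it) makes both paths consistent. The sprintf with a constant string could also be a plain strcpy.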

Please remove the unnecessary return statement here.

Johan