Hi Lizardo, On Sun, Jan 06, 2013, Anderson Lizardo wrote: > It should not be assumed that remote SDP attributes are in a compliant > format. This fixes a couple of invalid pointer access on invalid data. > --- > profiles/input/device.c | 60 ++++++++++++++++++++++++++++++++++++----------- > 1 file changed, 46 insertions(+), 14 deletions(-) I've applied the first three patches, but this one needs a bit of fixing up: > + if (d->dtd < SDP_SEQ8 || d->dtd > SDP_SEQ32) > + goto invalid_desc; Please always be explicit on what values you're checking for instead of assuming that the reader of the code knows what's contained within some range. In this case there's already a convenient SDP_IS_SEQ() macro you could use. > + if (d->dtd < SDP_SEQ8 || d->dtd > SDP_SEQ32) > + goto invalid_desc; Same here. > + if (!d || d->dtd < SDP_TEXT_STR8 || d->dtd > SDP_TEXT_STR32) > + goto invalid_desc; I suppose the best way to handle this one is to add a SDP_IS_STR() macro (in a separate patch) to lib/sdp.h and then use it in this patch. Johan -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
