Hi Szymon,
On Tue, Jul 09, 2013, Szymon Janc wrote:
> On Wednesday 26 June 2013 22:26:35 Szymon Janc wrote:
> > This is an improved version of recently reverted commit 1796f00e8465.
> > Response size is verified against minimal allowed value only if it is
> > complete response. If response is partial it is allowed by spec that
> > it will be split in arbitrary manner.
> >
> > Verified against Nokia BH217 on which original commit caused
> > regression.
> > ---
> > lib/sdp.c | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/lib/sdp.c b/lib/sdp.c
> > index d8bfc51..54a99b6 100644
> > --- a/lib/sdp.c
> > +++ b/lib/sdp.c
> > @@ -4243,6 +4243,14 @@ int sdp_process(sdp_session_t *session)
> > rsp_count = bt_get_be16(pdata);
> > SDPDBG("Attrlist byte count : %d", rsp_count);
> >
> > + /* Valid range for rsp_count is 0x0002-0xFFFF */
> > + if (t->rsp_concat_buf.data_size == 0 && rsp_count < 0x0002) {
> > + t->err = EPROTO;
> > + SDPERR("Protocol error: invalid AttrList size");
> > + status = SDP_INVALID_PDU_SIZE;
> > + goto end;
> > + }
> > +
> > /*
> > * Number of bytes in the AttributeLists parameter(without
> > * continuation state) + AttributeListsByteCount field size.
>
> ping
Sorry for the delay. The patch has now been pushed upstream. Thanks.
Johan
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
