This makes HAL IPC code verify error reply before processing it. It also verify if success status was reported according to IPC spec.
---
 android/hal-ipc.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/android/hal-ipc.c b/android/hal-ipc.c
index 026e245..5155e04 100644
--- a/android/hal-ipc.c
+++ b/android/hal-ipc.c
@@ -367,6 +367,17 @@ int hal_ipc_cmd(uint8_t service_id, uint8_t opcode, uint16_t len, void *param,
 if (cmd.opcode == HAL_OP_STATUS) {
 struct hal_status *s = rsp;
+
+ if (sizeof(*s) != cmd.len) {
+ error("Invalid status length, aborting");
+ exit(EXIT_FAILURE);
+ }
+
+ if (s->code == HAL_STATUS_SUCCESS) {
+ error("Invalid success status response, aborting");
+ exit(EXIT_FAILURE);
+ }
+
 return s->code;
 }
-- 
1.8.4.2

-- 
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
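Review bot: The `sizeof(*s) != cmd.len` check correctly precedes the `s->code` dereference, but it only validates the length the peer declared in the header; whether `rsp` actually holds that many bytes at this point depends on the receive path earlier in hal_ipc_cmd, which starts and ends outside the hunk, so it is worth confirming that the read into the caller-supplied reply buffer is already bounded by that buffer's size before this check is reached. The HAL_STATUS_SUCCESS rejection encodes a rule of the IPC spec rather than anything visible in the code, so a one-line why-comment would help the next reader, e.g. `/* A status reply only carries failures; success is reported via the opcode-specific reply */`. Both aborts discard the value that triggered them; logging it (`error("Invalid status length %u, aborting", cmd.len);`) would make a protocol violation diagnosable from the log alone.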