---
 android/gatt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/android/gatt.c b/android/gatt.c
index aa258f1..e339789 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -1458,6 +1458,13 @@ static void handle_client_search_service(const void *buf, uint16_t len)
 
 DBG("");
 
+ if (len != sizeof(*cmd) + (cmd->filtered ? 16 : 0)) {
+ error("Invalid search service size (%u bytes), terminating",
+ len);
+ raise(SIGTERM);
+ return;
+ }
+
 dev = find_device_by_conn_id(cmd->conn_id);
 if (!dev) {
 error("gatt: dev with conn_id=%d not found", cmd->conn_id);
--
1.9.2
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
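Review bot: The added size check reads `cmd->filtered` before anything in the hunk establishes that `len` is at least `sizeof(*cmd)`. A short message would therefore have the flag read from beyond the received bytes, unless the IPC dispatcher already enforces a minimum size for this opcode; that is not visible here, since the function's declarations and the rest of its body lie outside the hunk. Writing the condition as `if (len < sizeof(*cmd) || len != sizeof(*cmd) + (cmd->filtered ? 16 : 0)) {` makes the handler safe on its own. The bare `16` is presumably the length of a 128-bit filter UUID; a named constant, or a `sizeof` of the trailing field, would keep the check tied to the struct definition.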