From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
---
monitor/avctp.c | 48 +++++++++++++++++++++---------------------------
monitor/sdp.c | 12 +++++-------
2 files changed, 26 insertions(+), 34 deletions(-)
diff --git a/monitor/avctp.c b/monitor/avctp.c
index 5543a49..64d4b58 100644
--- a/monitor/avctp.c
+++ b/monitor/avctp.c
@@ -512,15 +512,13 @@ static bool avrcp_get_capabilities(struct l2cap_frame *frame, uint8_t ctype,
switch (cap) {
case 0x2:
for (; count > 0; count--) {
- uint8_t company[3] = {};
+ uint8_t company[3];
- if (frame->size < 3)
+ if (!l2cap_frame_get_u8(frame, &company[0]) ||
+ !l2cap_frame_get_u8(frame, &company[1]) ||
+ !l2cap_frame_get_u8(frame, &company[2]))
return false;
- l2cap_frame_get_u8(frame, &company[0]);
- l2cap_frame_get_u8(frame, &company[1]);
- l2cap_frame_get_u8(frame, &company[2]);
-
print_field("%*c%s: 0x%02x%02x%02x", (indent - 8), ' ',
cap2str(cap), company[0], company[1],
company[2]);
@@ -645,12 +643,14 @@ static bool avrcp_pdu_packet(struct l2cap_frame *frame, uint8_t ctype,
int i;
const struct avrcp_ctrl_pdu_data *ctrl_pdu_data = NULL;
- if (frame->size < 4)
+ if (!l2cap_frame_get_u8(frame, &pduid))
+ return false;
+
+ if (!l2cap_frame_get_u8(frame, &pt))
return false;
- l2cap_frame_get_u8(frame, &pduid);
- l2cap_frame_get_u8(frame, &pt);
- l2cap_frame_get_be16(frame, &len);
+ if (!l2cap_frame_get_be16(frame, &len))
+ return false;
print_indent(indent, COLOR_OFF, "AVRCP: ", pdu2str(pduid), COLOR_OFF,
" pt %s len 0x%04x", pt2str(pt), len);
@@ -680,13 +680,11 @@ static bool avrcp_control_packet(struct l2cap_frame *frame)
{
uint8_t ctype, address, subunit, opcode, company[3], indent = 2;
- if (frame->size < 3)
+ if (!l2cap_frame_get_u8(frame, &ctype) ||
+ !l2cap_frame_get_u8(frame, &address) ||
+ !l2cap_frame_get_u8(frame, &opcode))
return false;
- l2cap_frame_get_u8(frame, &ctype);
- l2cap_frame_get_u8(frame, &address);
- l2cap_frame_get_u8(frame, &opcode);
-
print_field("AV/C: %s: address 0x%02x opcode 0x%02x",
ctype2str(ctype), address, opcode);
@@ -712,13 +710,11 @@ static bool avrcp_control_packet(struct l2cap_frame *frame)
case 0x7c:
return avrcp_passthrough_packet(frame);
case 0x00:
- if (frame->size < 3)
+ if (!l2cap_frame_get_u8(frame, &company[0]) ||
+ !l2cap_frame_get_u8(frame, &company[1]) ||
+ !l2cap_frame_get_u8(frame, &company[2]))
return false;
- l2cap_frame_get_u8(frame, &company[0]);
- l2cap_frame_get_u8(frame, &company[1]);
- l2cap_frame_get_u8(frame, &company[2]);
-
print_field("%*cCompany ID: 0x%02x%02x%02x", indent, ' ',
company[0], company[1], company[2]);
@@ -764,16 +760,14 @@ void avctp_packet(const struct l2cap_frame *frame)
struct l2cap_frame avctp_frame;
const char *pdu_color;
- if (frame->size < 3) {
+ l2cap_frame_pull(&avctp_frame, frame, 0);
+
+ if (!l2cap_frame_get_u8(&avctp_frame, &hdr) ||
+ !l2cap_frame_get_be16(&avctp_frame, &pid)) {
print_text(COLOR_ERROR, "frame too short");
packet_hexdump(frame->data, frame->size);
return;
- }
-
- l2cap_frame_pull(&avctp_frame, frame, 0);
-
- l2cap_frame_get_u8(&avctp_frame, &hdr);
- l2cap_frame_get_be16(&avctp_frame, &pid);
+ }
if (frame->in)
pdu_color = COLOR_MAGENTA;
diff --git a/monitor/sdp.c b/monitor/sdp.c
index d0ad688..c171b9d 100644
--- a/monitor/sdp.c
+++ b/monitor/sdp.c
@@ -696,18 +696,16 @@ void sdp_packet(const struct l2cap_frame *frame)
const char *pdu_color, *pdu_str;
int i;
- if (frame->size < 5) {
+ l2cap_frame_pull(&sdp_frame, frame, 0);
+
+ if (!l2cap_frame_get_u8(&sdp_frame, &pdu) ||
+ !l2cap_frame_get_be16(&sdp_frame, &tid) ||
+ !l2cap_frame_get_be16(&sdp_frame, &plen)) {
print_text(COLOR_ERROR, "frame too short");
packet_hexdump(frame->data, frame->size);
return;
}
- l2cap_frame_pull(&sdp_frame, frame, 0);
-
- l2cap_frame_get_u8(&sdp_frame, &pdu);
- l2cap_frame_get_be16(&sdp_frame, &tid);
- l2cap_frame_get_be16(&sdp_frame, &plen);
-
if (sdp_frame.size != plen) {
print_text(COLOR_ERROR, "invalid frame size");
packet_hexdump(sdp_frame.data, sdp_frame.size);
--
1.9.3
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
