Dial uses variable length data, check if we received as much as was
declared. This fixes two negative ipc-tester cases for hfp-client dial
api call not passing.
---
android/handsfree-client.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/android/handsfree-client.c b/android/handsfree-client.c
index be29952..773ef76 100644
--- a/android/handsfree-client.c
+++ b/android/handsfree-client.c
@@ -97,6 +97,15 @@ static void handle_volume_control(const void *buf, uint16_t len)
static void handle_dial(const void *buf, uint16_t len)
{
+ const struct hal_cmd_hf_client_dial *cmd = buf;
+
+ if (len != sizeof(*cmd) + cmd->number_len) {
+ error("Malformed number data, size (%u bytes), terminating",
+ len);
+ raise(SIGTERM);
+ return;
+ }
+
DBG("Not Implemented");
ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HANDSFREE_CLIENT,
HAL_OP_HF_CLIENT_DIAL, HAL_STATUS_UNSUPPORTED);
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
