[PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The Supported Commands is a 64 octet bit field.
Do not allow to read more then the size.
---
 tools/parser/csr.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/parser/csr.c b/tools/parser/csr.c
index a0a4eb5fe..d14830821 100644
--- a/tools/parser/csr.c
+++ b/tools/parser/csr.c
@@ -145,6 +145,11 @@ static inline void commands_dump(int level, char *str, struct frame *frm)
 	unsigned char commands[64];
 	unsigned int i;
 
+	if (frm->len > 64) {
+		perror("Read Error");
+		exit(0);
+	}
+
 	memcpy(commands, frm->ptr, frm->len);
 
 	p_indent(level, frm);
-- 
2.16.2

--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux