Hi,
On Tue, Mar 20, 2018 at 9:07 AM, Cho, Yu-Chen <acho@xxxxxxxx> wrote:
> Fix memory leak with malformed packet.
> ---
> tools/parser/l2cap.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/tools/parser/l2cap.c b/tools/parser/l2cap.c
> index a05796482..8b550f270 100644
> --- a/tools/parser/l2cap.c
> +++ b/tools/parser/l2cap.c
> @@ -1557,6 +1557,12 @@ void l2cap_dump(int level, struct frame *frm)
> hdr = frm->ptr;
> dlen = btohs(hdr->len);
>
> + if ((dlen + L2CAP_HDR_SIZE) > (int) frm->len) {
> + /* malformed frame */
> + perror("Read Error");
> + return;
> + }
> +
So how about we fix this on the next statement which is about the same
check but passes the invalid frame to raw_dump.
> if (dlen + L2CAP_HDR_SIZE < (int) frm->len) {
> /* invalid frame */
> raw_dump(level,frm);
> --
> 2.16.2
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Luiz Augusto von Dentz
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
