aboutsummaryrefslogtreecommitdiffstats
path: root/attrib/client.c
diff options
context:
space:
mode:
authorElvis Pfützenreuter <epx@signove.com>2011-02-23 09:16:33 -0300
committerJohan Hedberg <johan.hedberg@nokia.com>2011-02-23 11:48:37 -0300
commitde9dfe2051cf0f91b0207bc838af765dc7f2c0f1 (patch)
tree4570081ddb42e263654a20858f9086d54387b0f1 /attrib/client.c
parent9152acfbc7c8547de218c49fc5758de0ec5ffb6d (diff)
downloadbluez-de9dfe2051cf0f91b0207bc838af765dc7f2c0f1.tar.gz
bluez-de9dfe2051cf0f91b0207bc838af765dc7f2c0f1.tar.xz
bluez-de9dfe2051cf0f91b0207bc838af765dc7f2c0f1.zip
Check malformed notification/indication PDU
This patch implements discard of obviously malformed GATT notification/indication PDUs.
Diffstat (limited to 'attrib/client.c')
-rw-r--r--attrib/client.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/attrib/client.c b/attrib/client.c
index 0f9ba3ea..2a5436bd 100644
--- a/attrib/client.c
+++ b/attrib/client.c
@@ -272,9 +272,17 @@ static void events_handler(const uint8_t *pdu, uint16_t len,
struct primary *prim;
GSList *lprim, *lchr;
uint8_t opdu[ATT_MAX_MTU];
- guint handle = att_get_u16(&pdu[1]);
+ guint handle;
uint16_t olen;
+ if (len < 3) {
+ DBG("Malformed notification/indication packet (opcode 0x%02x)",
+ pdu[0]);
+ return;
+ }
+
+ handle = att_get_u16(&pdu[1]);
+
for (lprim = gatt->primary, prim = NULL, chr = NULL; lprim;
lprim = lprim->next) {
prim = lprim->data;