authorDoHyun Pyun <dh79.pyun@samsung.com>2019-05-16 13:11:28 +0900
committerDoHyun Pyun <dh79.pyun@samsung.com>2019-05-17 09:15:58 +0900
commitcae502f231100477ef38306e34b99cac96eb6862 (patch)
tree40401bbbebb9c318bca7d02e84ce130784ff3ea8
parent98cc5736e5c282ef1ef7310aaa3c9b93df3cb12f (diff)
Add the prevent logic for the abnormal manufacture data
Change-Id: I3c6b976121a634705ed96477b8acdc12c9f63d7d Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
-rw-r--r--src/bluetooth-adapter.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/bluetooth-adapter.c b/src/bluetooth-adapter.c
index 0eee5e7..77ef92a 100644
--- a/src/bluetooth-adapter.c
+++ b/src/bluetooth-adapter.c
@@ -3152,6 +3152,19 @@ int bt_adapter_le_get_scan_result_manufacturer_data(const bt_adapter_le_device_s
while (remain_len > 0) {
field_len = remain_data[0];
if (remain_data[1] == BT_ADAPTER_LE_ADVERTISING_DATA_MANUFACTURER_SPECIFIC_DATA) {
+ if (field_len < 3 || (remain_len - 1 < field_len)) {
+ /* Manufacturer Specific Data (2 or more octets)
+ - The first 2 octets contain the Company Identifier
+ Code followed by additional manufacturer specific data
+
+ |field_len|0xff|Company ID (2 bytes)|data (size: field_len - 3|
+
+ And field_len should be smaller than "remain_len - 1"
+ */
+
+ return BT_ERROR_NO_DATA;
+ }
+
*manufacturer_id = remain_data[3] << 8;
*manufacturer_id += remain_data[2];
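Review bot: The added length check sits inside the `remain_data[1] == BT_ADAPTER_LE_ADVERTISING_DATA_MANUFACTURER_SPECIFIC_DATA` branch, so `remain_data[1]` is still read before anything confirms that `remain_len` is at least 2, and fields of any other type are never checked against `remain_len`. The buffer appears to come from an LE scan result, i.e. data supplied by a remote device, so the bounds test belongs ahead of the type compare: `if (remain_len < 2 || field_len > remain_len - 1) return BT_ERROR_NO_DATA;` directly after `field_len = remain_data[0];`, leaving only `field_len < 3` inside the branch. The loop's advance step and the declared types of `remain_len` and `field_len` are outside the hunk, so whether a zero or oversized `field_len` on a non-manufacturer field can mis-step the loop has to be confirmed there. The comment's "should be smaller than" also does not match the condition, which accepts `field_len == remain_len - 1`; "must not exceed" would describe it.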