summaryrefslogtreecommitdiff
path: root/src/bluetooth-adapter.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/bluetooth-adapter.c')
-rw-r--r--src/bluetooth-adapter.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/bluetooth-adapter.c b/src/bluetooth-adapter.c
index 0eee5e7..77ef92a 100644
--- a/src/bluetooth-adapter.c
+++ b/src/bluetooth-adapter.c
@@ -3152,6 +3152,19 @@ int bt_adapter_le_get_scan_result_manufacturer_data(const bt_adapter_le_device_s
while (remain_len > 0) {
field_len = remain_data[0];
if (remain_data[1] == BT_ADAPTER_LE_ADVERTISING_DATA_MANUFACTURER_SPECIFIC_DATA) {
+ if (field_len < 3 || (remain_len - 1 < field_len)) {
+ /* Manufacturer Specific Data (2 or more octets)
+ - The first 2 octets contain the Company Identifier
+ Code followed by additional manufacturer specific data
+
+ |field_len|0xff|Company ID (2 bytes)|data (size: field_len - 3|
+
+ And field_len should be smaller than "remain_len - 1"
+ */
+
+ return BT_ERROR_NO_DATA;
+ }
+
*manufacturer_id = remain_data[3] << 8;
*manufacturer_id += remain_data[2];
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 12:11:46 +0000