OSDN Git Service

(root) / android-x86 / external-bluetooth-bluez.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0d98931) | patch
lib: Fix buffer overflow when processing SDP response
authorAnderson Lizardo <anderson.lizardo@openbossa.org>
Mon, 4 Feb 2013 01:20:43 +0000 (21:20 -0400)
committerJohan Hedberg <johan.hedberg@intel.com>
Fri, 15 Feb 2013 10:36:42 +0000 (12:36 +0200)
commit870fe03a79fa990c40f37f037e9236dba11811e2
treecebeca554650a14485332c9f650f1683ea4f7e1etree | snapshot
parent0d989313b39e52eff0b4ad6d4adf0b3dfbaf1179commit | diff
lib: Fix buffer overflow when processing SDP response

rsp_count is either read or calculated from untrusted input, and
therefore needs to be checked before being used as offset. The "plen"
variable is appropriate because it is calculated as the sum of fixed and
variable length fields, excluding the continuation state field, which
has at least 1 byte for its own length field.
lib/sdp.c diff | blob | history
external/bluetooth/bluez
About OSDN
Find Software
Develop Software
Help