OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
53b4093
)
BNEP: Check received frame type
author
Myles Watson
<mylesgw@google.com>
Thu, 11 Jan 2018 22:20:26 +0000
(14:20 -0800)
committer
Ryan Longair
<rlongair@google.com>
Thu, 18 Jan 2018 18:17:56 +0000
(10:17 -0800)
Bug:
68818034
Test: build
Change-Id: I2b9f32b92d72f226361e6a80f20f9c7ee77f6019
(cherry picked from commit
b910734a55fd3babf71b049d5638bf86f81d7c1e
)
stack/bnep/bnep_main.cc
patch
|
blob
|
history
diff --git
a/stack/bnep/bnep_main.cc
b/stack/bnep/bnep_main.cc
index
cf7a911
..
f621fdb
100644
(file)
--- a/
stack/bnep/bnep_main.cc
+++ b/
stack/bnep/bnep_main.cc
@@
-447,6
+447,12
@@
static void bnep_data_ind(uint16_t l2cap_cid, BT_HDR* p_buf) {
type = *p++;
extension_present = type >> 7;
type &= 0x7f;
+ if (type >= sizeof(bnep_frame_hdr_sizes) / sizeof(bnep_frame_hdr_sizes[0])) {
+ BNEP_TRACE_EVENT("BNEP - rcvd frame, bad type: 0x%02x", type);
+ android_errorWriteLog(0x534e4554, "68818034");
+ osi_free(p_buf);
+ return;
+ }
if ((rem_len <= bnep_frame_hdr_sizes[type]) || (rem_len > BNEP_MTU_SIZE)) {
BNEP_TRACE_EVENT("BNEP - rcvd frame, bad len: %d type: 0x%02x", p_buf->len,
type);
OSDN Git Service
