OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
9e46a39
)
BNEP: Check received frame type
author
Myles Watson
<mylesgw@google.com>
Thu, 11 Jan 2018 22:20:26 +0000
(14:20 -0800)
committer
Moritz Horstmann
<dev@peterzweg.at>
Thu, 8 Mar 2018 13:02:41 +0000
(14:02 +0100)
Bug:
68818034
Test: build
Change-Id: I2b9f32b92d72f226361e6a80f20f9c7ee77f6019
(cherry picked from commit
b910734a55fd3babf71b049d5638bf86f81d7c1e
)
(cherry picked from commit
ae12fc48fa6c7a114234afa055ab1cd630d6da8d
)
stack/bnep/bnep_main.c
patch
|
blob
|
history
diff --git
a/stack/bnep/bnep_main.c
b/stack/bnep/bnep_main.c
index
d9dc116
..
affd8dd
100644
(file)
--- a/
stack/bnep/bnep_main.c
+++ b/
stack/bnep/bnep_main.c
@@
-496,6
+496,12
@@
static void bnep_data_ind (UINT16 l2cap_cid, BT_HDR *p_buf)
type = *p++;
extension_present = type >> 7;
type &= 0x7f;
+ if (type >= sizeof(bnep_frame_hdr_sizes) / sizeof(bnep_frame_hdr_sizes[0])) {
+ BNEP_TRACE_EVENT("BNEP - rcvd frame, bad type: 0x%02x", type);
+ android_errorWriteLog(0x534e4554, "68818034");
+ osi_free(p_buf);
+ return;
+ }
if ((rem_len <= bnep_frame_hdr_sizes[type]) || (rem_len > BNEP_MTU_SIZE))
{
BNEP_TRACE_EVENT ("BNEP - rcvd frame, bad len: %d type: 0x%02x", p_buf->len, type);
OSDN Git Service
