OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
f71ff18
)
Check GATT notification len
author
Hansong Zhang
<hsz@google.com>
Thu, 28 Mar 2019 00:02:09 +0000
(17:02 -0700)
committer
Hansong Zhang
<hsz@google.com>
Thu, 28 Mar 2019 00:02:09 +0000
(17:02 -0700)
Bug:
123584306
Test: POC
Change-Id: I082b1dc015306980f6e55262b2b58d7140e89bea
stack/gatt/gatt_cl.cc
patch
|
blob
|
history
diff --git
a/stack/gatt/gatt_cl.cc
b/stack/gatt/gatt_cl.cc
index
2650a30
..
27a4f4f
100644
(file)
--- a/
stack/gatt/gatt_cl.cc
+++ b/
stack/gatt/gatt_cl.cc
@@
-627,6
+627,10
@@
void gatt_process_notification(tGATT_TCB& tcb, uint8_t op_code, uint16_t len,
memset(&value, 0, sizeof(value));
STREAM_TO_UINT16(value.handle, p);
value.len = len - 2;
+ if (value.len > GATT_MAX_ATTR_LEN) {
+ LOG(ERROR) << "value.len larger than GATT_MAX_ATTR_LEN, discard";
+ return;
+ }
memcpy(value.value, p, value.len);
if (!GATT_HANDLE_IS_VALID(value.handle)) {
OSDN Git Service
