michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: Return error if app gives invalid AD data

Browse source 
It's not a good idea to silently truncate the data if we got a too
large array from the app.

Change-Id: Ie4541599c6846efd53c81310c8d1e4dd5ec00cee
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit is contained in:
Johan Hedberg 2016-01-14 18:04:45 +02:00 committed by Anas Nashif
commit 41e7ebfb72
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
net/bluetooth/hci_core.c
View file

@ -2360,7 +2360,8 @@ static int set_ad(uint16_t hci_op, const struct bt_data *ad, size_t ad_len)
for (i = 0; i < ad_len; i++) {
/* Check if ad fit in the remaining buffer */
if (set_data->len + ad[i].data_len + 2 > 31) {
break;
net_buf_unref(buf);
return -EINVAL;
}
set_data->data[set_data->len++] = ad[i].data_len + 1;