Bluetooth: host: Replace length check assert with if statement
A few of the length checks that deal with HCI packets coming from the controller were using assert statements. But the recommended practice is to drop invalid packets and continue execution whenever a malformed packet arrives from an external source, so replace those assert statements with branches that will drop the packet and return. Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
parent
8db7be7a6f
commit
ee0314a832
2 changed files with 20 additions and 5 deletions
|
@ -508,8 +508,11 @@ static void hci_acl(struct net_buf *buf)
|
|||
uint8_t flags;
|
||||
|
||||
LOG_DBG("buf %p", buf);
|
||||
|
||||
BT_ASSERT(buf->len >= sizeof(*hdr));
|
||||
if (buf->len < sizeof(*hdr)) {
|
||||
LOG_ERR("Invalid HCI ACL packet size (%u)", buf->len);
|
||||
net_buf_unref(buf);
|
||||
return;
|
||||
}
|
||||
|
||||
hdr = net_buf_pull_mem(buf, sizeof(*hdr));
|
||||
len = sys_le16_to_cpu(hdr->len);
|
||||
|
@ -2650,7 +2653,11 @@ static void hci_event(struct net_buf *buf)
|
|||
{
|
||||
struct bt_hci_evt_hdr *hdr;
|
||||
|
||||
BT_ASSERT(buf->len >= sizeof(*hdr));
|
||||
if (buf->len < sizeof(*hdr)) {
|
||||
LOG_ERR("Invalid HCI event size (%u)", buf->len);
|
||||
net_buf_unref(buf);
|
||||
return;
|
||||
}
|
||||
|
||||
hdr = net_buf_pull_mem(buf, sizeof(*hdr));
|
||||
LOG_DBG("event 0x%02x", hdr->evt);
|
||||
|
@ -3714,7 +3721,11 @@ void hci_event_prio(struct net_buf *buf)
|
|||
|
||||
net_buf_simple_save(&buf->b, &state);
|
||||
|
||||
BT_ASSERT(buf->len >= sizeof(*hdr));
|
||||
if (buf->len < sizeof(*hdr)) {
|
||||
LOG_ERR("Invalid HCI event size (%u)", buf->len);
|
||||
net_buf_unref(buf);
|
||||
return;
|
||||
}
|
||||
|
||||
hdr = net_buf_pull_mem(buf, sizeof(*hdr));
|
||||
evt_flags = bt_hci_evt_get_flags(hdr->evt);
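Review bot: The new early return in hci_event_prio() calls `net_buf_unref(buf)` right after `net_buf_simple_save(&buf->b, &state)`, and the rest of the function and its callers are outside this hunk, so buffer ownership on the drop path cannot be confirmed from here. The saved state suggests that some path restores the buffer and leaves it with the caller; if so, a caller that still queues or reads buf after this function returns would touch a freed buffer whenever a short event arrives. Please verify that every caller treats buf as consumed on return, or validate the length in the caller before it hands the buffer over. Record the contract at the guard with a comment such as `/* Malformed event: buf is consumed here, callers must not reuse it */`.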
|
||||
|
|
|
@ -105,7 +105,11 @@ void hci_iso(struct net_buf *buf)
|
|||
|
||||
BT_ISO_DATA_DBG("buf %p", buf);
|
||||
|
||||
BT_ASSERT(buf->len >= sizeof(*hdr));
|
||||
if (buf->len < sizeof(*hdr)) {
|
||||
LOG_ERR("Invalid HCI ISO packet size (%u)", buf->len);
|
||||
net_buf_unref(buf);
|
||||
return;
|
||||
}
|
||||
|
||||
hdr = net_buf_pull_mem(buf, sizeof(*hdr));
|
||||
len = bt_iso_hdr_len(sys_le16_to_cpu(hdr->len));
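Review bot: The guard in hci_iso() has no comment saying why a short packet is dropped rather than asserted on, and the same uncommented block appears in hci_acl(), hci_event() and hci_event_prio() in the other file. A one-line comment above each check, for example `/* Controller-supplied length: drop malformed packets, never assert */`, would keep a later cleanup from turning the branch back into BT_ASSERT. The guard covers only the fixed header; whether the `len` computed on the next line is compared with the remaining `buf->len` is decided outside this hunk and is worth confirming while this path is being changed.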
|
||||
|
|