2011-02-23 11:56:20

by Elvis Pfutzenreuter

Subject: [PATCH] Check malformed notification/indication PDU

This patch implements discard of obviously malformed
GATT notification/indication PDUs.
---
attrib/client.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/attrib/client.c b/attrib/client.c
index 0f9ba3e..dc7ee8b 100644
--- a/attrib/client.c
+++ b/attrib/client.c
@@ -272,9 +272,16 @@ static void events_handler(const uint8_t *pdu, uint16_t len,
struct primary *prim;
GSList *lprim, *lchr;
uint8_t opdu[ATT_MAX_MTU];
- guint handle = att_get_u16(&pdu[1]);
+ guint handle;
uint16_t olen;

+ if (len < 3) {
+ DBG("Malformed notif/indic packet (opcode %x)", pdu[0]);
+ return;
+ }
+
+ handle = att_get_u16(&pdu[1]);
+
for (lprim = gatt->primary, prim = NULL, chr = NULL; lprim;
lprim = lprim->next) {
prim = lprim->data;
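
Review bot: In the new `if (len < 3)` branch, the DBG call reads pdu[0] before anything in this function has established that len is at least 1, so a zero-length buffer would be dereferenced in the very path meant to reject short input. Unless the caller already guarantees a non-empty PDU, print the opcode only when len > 0, or log len in its place.
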
--
1.7.1



2011-02-23 12:09:13

by Anderson Lizardo

Subject: Re: [PATCH] Check malformed notification/indication PDU

Hi Elvis,

On Wed, Feb 23, 2011 at 8:56 AM, Elvis Pfutzenreuter <[email protected]> wrote:
> This patch implements discard of obviously malformed
> GATT notification/indication PDUs.
> ---
> ?attrib/client.c | ? ?9 ++++++++-
> ?1 files changed, 8 insertions(+), 1 deletions(-)
>
> diff --git a/attrib/client.c b/attrib/client.c
> index 0f9ba3e..dc7ee8b 100644
> --- a/attrib/client.c
> +++ b/attrib/client.c
> @@ -272,9 +272,16 @@ static void events_handler(const uint8_t *pdu, uint16_t len,
> ? ? ? ?struct primary *prim;
> ? ? ? ?GSList *lprim, *lchr;
> ? ? ? ?uint8_t opdu[ATT_MAX_MTU];
> - ? ? ? guint handle = att_get_u16(&pdu[1]);
> + ? ? ? guint handle;
> ? ? ? ?uint16_t olen;
>
> + ? ? ? if (len < 3) {
> + ? ? ? ? ? ? ? DBG("Malformed notif/indic packet (opcode %x)", pdu[0]);
> + ? ? ? ? ? ? ? return;
> + ? ? ? }
> +
> + ? ? ? handle = att_get_u16(&pdu[1]);
> +
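
Review bot: The literal 3 in `if (len < 3)` carries no explanation; it is the 1-byte opcode plus the 2-byte handle that att_get_u16(&pdu[1]) reads right after the check. A one-line comment or a named constant for that minimum length would let the next reader verify the bound against the read without counting bytes.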

Patch looks fine, I'd only like to suggest using
"notification/indication" instead of abbreviations, and "0x%02x" for
the opcode format.

Regards,
--
Anderson Lizardo
Instituto Nokia de Tecnologia - INdT
Manaus - Brazil