2011-02-23 12:16:33

by Elvis Pfutzenreuter

Subject: [PATCH v2] Check malformed notification/indication PDU

This patch implements discard of obviously malformed
GATT notification/indication PDUs.
---
attrib/client.c | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/attrib/client.c b/attrib/client.c
index 0f9ba3e..2a5436b 100644
--- a/attrib/client.c
+++ b/attrib/client.c
@@ -272,9 +272,17 @@ static void events_handler(const uint8_t *pdu, uint16_t len,
struct primary *prim;
GSList *lprim, *lchr;
uint8_t opdu[ATT_MAX_MTU];
- guint handle = att_get_u16(&pdu[1]);
+ guint handle;
uint16_t olen;

+ if (len < 3) {
+ DBG("Malformed notification/indication packet (opcode 0x%02x)",
+ pdu[0]);
+ return;
+ }
+
+ handle = att_get_u16(&pdu[1]);
+
for (lprim = gatt->primary, prim = NULL, chr = NULL; lprim;
lprim = lprim->next) {
prim = lprim->data;
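Review bot: In the new `len < 3` branch, the DBG call reads pdu[0] before anything has established that len is at least 1, so a zero-length PDU makes the error path itself read past the buffer. Log len instead of the opcode there, or print pdu[0] only when len > 0. The literal 3 (one opcode byte plus the two-byte handle that att_get_u16(&pdu[1]) reads) would also be easier to audit with a short comment or a named constant.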
--
1.7.1



2011-02-23 14:49:26

by Johan Hedberg

Subject: Re: [PATCH v2] Check malformed notification/indication PDU

Hi Elvis,

On Wed, Feb 23, 2011, Elvis Pfützenreuter wrote:
> This patch implements discard of obviously malformed
> GATT notification/indication PDUs.
> ---
> attrib/client.c | 10 +++++++++-
> 1 files changed, 9 insertions(+), 1 deletions(-)

Pushed upstream. Thanks.

Johan