mgmt: Fix new_key event content validation This patch adds some stricter checks for the new_key management interface event.

commit: 85545779894a38d7ead21be666b5994e3f733365 [log] [tgz]
author: Johan Hedberg <johan.hedberg@nokia.com> Mon Jan 24 11:49:49 2011 +0200
committer: Jaikumar Ganesh <jaikumar@google.com> Thu Mar 10 16:48:14 2011 -0800
tree: 241cb8708fd54209dc182b4dcc532e05da58c0ef
parent: ba704c76c8250508d98789208d970488066b386f [diff]
diff --git a/plugins/mgmtops.c b/plugins/mgmtops.c
index ed82f8b..51a4c93 100644
--- a/plugins/mgmtops.c
+++ b/plugins/mgmtops.c

@@ -424,20 +424,28 @@
 	struct controller_info *info;
 	uint16_t index;
 
-	if (len < sizeof(*ev)) {
-		error("Too small new_key event");
+	if (len != sizeof(*ev)) {
+		error("new_key event size mismatch (%zu != %zu)",
+							len, sizeof(*ev));
 		return;
 	}
 
 	index = btohs(bt_get_unaligned(&ev->index));
 
-	DBG("Controller %u new key of type %u", index, ev->key.type);
+	DBG("Controller %u new key of type %u pin_len %u", index,
+					ev->key.type, ev->key.pin_len);
 
 	if (index > max_index) {
 		error("Unexpected index %u in new_key event", index);
 		return;
 	}
 
+	if (ev->key.pin_len > 16) {
+		error("Invalid PIN length (%u) in new_key event",
+							ev->key.pin_len);
+		return;
+	}
+
 	info = &controllers[index];
 
 	btd_event_link_key_notify(&info->bdaddr, &ev->key.bdaddr,
commit	85545779894a38d7ead21be666b5994e3f733365	[log] [tgz]
author	Johan Hedberg <johan.hedberg@nokia.com>	Mon Jan 24 11:49:49 2011 +0200
committer	Jaikumar Ganesh <jaikumar@google.com>	Thu Mar 10 16:48:14 2011 -0800
tree	241cb8708fd54209dc182b4dcc532e05da58c0ef
parent	ba704c76c8250508d98789208d970488066b386f [diff]