Check malformed notification/indication PDU This patch implements discard of obviously malformed GATT notification/indication PDUs.

commit: de9dfe2051cf0f91b0207bc838af765dc7f2c0f1 [log] [tgz]
author: Elvis Pfützenreuter <epx@signove.com> Wed Feb 23 09:16:33 2011 -0300
committer: Johan Hedberg <johan.hedberg@nokia.com> Wed Feb 23 11:48:37 2011 -0300
tree: 4570081ddb42e263654a20858f9086d54387b0f1
parent: 9152acfbc7c8547de218c49fc5758de0ec5ffb6d [diff]
diff --git a/attrib/client.c b/attrib/client.c
index 0f9ba3e..2a5436b 100644
--- a/attrib/client.c
+++ b/attrib/client.c

@@ -272,9 +272,17 @@
 	struct primary *prim;
 	GSList *lprim, *lchr;
 	uint8_t opdu[ATT_MAX_MTU];
-	guint handle = att_get_u16(&pdu[1]);
+	guint handle;
 	uint16_t olen;
 
+	if (len < 3) {
+		DBG("Malformed notification/indication packet (opcode 0x%02x)",
+									pdu[0]);
+		return;
+	}
+
+	handle = att_get_u16(&pdu[1]);
+
 	for (lprim = gatt->primary, prim = NULL, chr = NULL; lprim;
 						lprim = lprim->next) {
 		prim = lprim->data;
commit	de9dfe2051cf0f91b0207bc838af765dc7f2c0f1	[log] [tgz]
author	Elvis Pfützenreuter <epx@signove.com>	Wed Feb 23 09:16:33 2011 -0300
committer	Johan Hedberg <johan.hedberg@nokia.com>	Wed Feb 23 11:48:37 2011 -0300
tree	4570081ddb42e263654a20858f9086d54387b0f1
parent	9152acfbc7c8547de218c49fc5758de0ec5ffb6d [diff]