Fix memory corruption when decoding Read Response PDU A bogus (or hostile) Proximity Reporter device may send a TX Power value bigger than the buffer used. Therefore, create a temporary buffer with the maximum size, and check for the length before using the value. Note that all other current users of the dec_read_resp() already do this. Another option would be to change dec_read_resp() to accept a buffer length, but this would break external code, so it is avoided for now.

Diffstat

1 files changed, 8 insertions(+), 3 deletions(-)