btdev: Fix set PA data array overflow This fixes an array overflow that can happen if the user issues the LE Set Periodic Advertising Data command with data length exceeding 31 bytes. The PA data set by the user is copied in an array of fixed length (31 bytes). However, the data length might exceed 31 bytes. This will cause an array overflow when the PA data is later processed (for instance, when sending PA reports). According to specification, the data length provided at LE Set Periodic Advertising Data command can be maximum 252 bytes. The stored data len should also be true to the length copied in the array.

Diffstat

1 files changed, 10 insertions(+), 4 deletions(-)