Parent: 0d989313b39e52eff0b4ad6d4adf0b3dfbaf1179
Author: Anderson Lizardo <anderson.lizardo@openbossa.org>
Committer: Johan Hedberg <johan.hedberg@intel.com>
Date: 2013-02-15 12:36:42
Tree: cebeca554650a14485332c9f650f1683ea4f7e1e
lib: Fix buffer overflow when processing SDP response

rsp_count is either read or calculated from untrusted input, and therefore needs to be checked before being used as offset.

The "plen" variable is appropriate because it is calculated as the sum of fixed and variable length fields, excluding the continuation state field, which has at least 1 byte for its own length field.
Diffstat
M lib/sdp.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
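
The check the commit message describes, as an added example that is not the BlueZ patch or code from lib/sdp.c. The function name cstate_offset, the simplified ServiceAttributeResponse-style payload layout and the sample byte arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CSTATE_MAX 16 /* SDP continuation state carries at most 16 info bytes */

/*
 * Hypothetical helper: locate the continuation state in a payload laid out as
 *   [2-byte big-endian byte count][attribute list][1-byte cstate length][cstate]
 * pdata/pdata_len are the bytes after the PDU header, as received (untrusted).
 * Returns the continuation state offset, or -1 if the declared count cannot fit.
 */
static long cstate_offset(const uint8_t *pdata, size_t pdata_len)
{
    size_t rsp_count, plen;

    if (pdata_len < 2)
        return -1;                 /* no room for the count field itself */

    rsp_count = ((size_t)pdata[0] << 8) | pdata[1];
    plen = 2 + rsp_count;          /* fixed + variable fields, without cstate */

    /* The cstate needs at least its own length byte, so plen must stay
     * strictly below pdata_len before pdata[plen] may be read. */
    if (plen >= pdata_len)
        return -1;

    /* This example also requires the cstate to end exactly at the PDU end. */
    if (pdata[plen] > CSTATE_MAX || plen + 1 + pdata[plen] != pdata_len)
        return -1;

    return (long)plen;
}

/* Constructed sample payloads, not captured traffic. */
static const uint8_t ok_pdu[]   = { 0x00, 0x03, 0x35, 0x01, 0x00, 0x00 };
static const uint8_t cs_pdu[]   = { 0x00, 0x01, 0x00, 0x02, 0xaa, 0xbb };
static const uint8_t bad_pdu[]  = { 0xff, 0xf0, 0x35, 0x01, 0x00, 0x00 };
static const uint8_t edge_pdu[] = { 0x00, 0x04, 0x35, 0x01, 0x00, 0x00 };

int main(void)
{
    printf("ok:   %ld\n", cstate_offset(ok_pdu, sizeof(ok_pdu)));
    printf("cs:   %ld\n", cstate_offset(cs_pdu, sizeof(cs_pdu)));
    printf("bad:  %ld\n", cstate_offset(bad_pdu, sizeof(bad_pdu)));
    printf("edge: %ld\n", cstate_offset(edge_pdu, sizeof(edge_pdu)));
    return 0;
}
```

The edge_pdu case is the one the "at least 1 byte" remark covers: its count fills the payload exactly, leaving no length byte for the continuation state, so it is rejected even though the count does not exceed the buffer.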