Parent: 402398c7dc8c759d0ba0a110f38ce91cbb6fa4aa
Author: Johan Hedberg <johan.hedberg@intel.com>
Committer: Johan Hedberg <johan.hedberg@intel.com>
Date: 2011-10-14 11:15:14
Tree: 00e727da8a9496bf1d524acb4e22d4537f57bb77
Fix leaks and buffer overflows in EIR parsing

By calling g_utf8_validate and allocating eir->name inside the parsing loop the code was exposing itself to buffer overflows and memory leaks. This is because the check for incorrect length fields is only done after exiting the loop (if (len > HCI_MAX_EIR_LENGTH)). By only setting a pointer to the name and doing the processing after checking the length validity both issues can be avoided.
Diffstat
M src/eir.c | 17 +++++++++++------
1 files changed, 11 insertions(+), 6 deletions(-)
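
The pattern the commit message describes (remember only a pointer to the name inside the loop, allocate after the lengths are known to be valid), as an added example that is not the BlueZ code from this commit. The function name `eir_extract_name`, the `EIR_*` macros and the sample bytes are assumptions made for illustration; it goes one step further than the message by bounds-checking each field inside the loop, and it leaves out the UTF-8 validation, which would belong at the copy step.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EIR_MAX_LEN        240   /* assumed value of HCI_MAX_EIR_LENGTH */
#define EIR_NAME_SHORT     0x08  /* shortened local name */
#define EIR_NAME_COMPLETE  0x09  /* complete local name */

/* Returns 0 with a malloc'd NUL-terminated name (or NULL if absent) in *out.
 * Returns -1 on a malformed block; nothing is allocated in that case. */
int eir_extract_name(const uint8_t *eir, size_t eir_len, char **out)
{
    const uint8_t *name = NULL;
    size_t name_len = 0, off = 0;

    *out = NULL;
    if (eir == NULL || eir_len > EIR_MAX_LEN)
        return -1;
    while (off < eir_len) {
        uint8_t field_len = eir[off];       /* counts type byte + data */
        if (field_len == 0)                 /* zero length: end of significant part */
            break;
        if (field_len > eir_len - off - 1)  /* field would run past the buffer */
            return -1;
        if (eir[off + 1] == EIR_NAME_SHORT || eir[off + 1] == EIR_NAME_COMPLETE) {
            name = &eir[off + 2];           /* remember only: no allocation here */
            name_len = (size_t)field_len - 1;
        }
        off += (size_t)field_len + 1;
    }
    if (name == NULL)
        return 0;
    *out = malloc(name_len + 1);            /* single allocation, after validation */
    if (*out == NULL)
        return -1;
    memcpy(*out, name, name_len);
    (*out)[name_len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: a flags field, then a complete-name field "abc". */
    const uint8_t sample[] = {0x02, 0x01, 0x06, 0x04, 0x09, 'a', 'b', 'c', 0x00};
    char *n = NULL;
    int rc = eir_extract_name(sample, sizeof(sample), &n);
    printf("rc=%d name=%s\n", rc, n ? n : "(none)");
    free(n);
    return 0;
}
```

Because the early `return -1` paths are reached before any allocation, a malformed length field can neither leak a previously allocated name nor cause a read past the end of the buffer.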