Diff between c8791dd8a5b5c68446c9480a6c390ac708cd1c93 and e320320c372e884645a3e1eb5d69a05ce623b475
Changed Files
| File | Additions | Deletions | Status |
| src/attrib-server.c | +6 | -0 | modified |
Full Patch
diff --git a/src/attrib-server.c b/src/attrib-server.c
index 1c088df..351b7fe 100644
--- a/src/attrib-server.c
+++ b/src/attrib-server.c
@@ -987,6 +987,12 @@ static void channel_handler(const uint8_t *ipdu, uint16_t len,
DBG("op 0x%02x", ipdu[0]);
+ if (len > vlen) {
+ error("Too much data on ATT socket");
+ status = ATT_ECODE_INVALID_PDU;
+ goto done;
+ }
+
switch (ipdu[0]) {
case ATT_OP_READ_BY_GROUP_REQ:
length = dec_read_by_grp_req(ipdu, len, &start, &end, &uuid);
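Review bot: The new `if (len > vlen)` guard only bounds the PDU from above and sits after `DBG("op 0x%02x", ipdu[0]);`, so a zero-length PDU would still have `ipdu[0]` read there and again in the `switch`. Unless the caller guarantees `len >= 1` (not visible in this hunk), hoist the check above the `DBG` line and widen it to `if (len == 0 || len > vlen) {`. `vlen`, `status` and the `done` label are defined outside the hunk, so confirm that `vlen` is the capacity of the buffer the decoders write into and that the `done` path does not itself read `ipdu[0]` when `len` is 0. Logging both `len` and `vlen` in the `error()` call would make rejected PDUs easier to triage, and a one-line comment such as `/* Reject PDUs that cannot fit the local buffer before any decoding */` would record why the check is there.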