Diff between cf0807db844deda931594dd7b8f8560239eed873 and b4c1daad20ed8cd9895cbd66c85720f0bdcc142e

Changed Files

File Additions Deletions Status
mgmt/main.c +11 -0 modified

Full Patch

diff --git a/mgmt/main.c b/mgmt/main.c
index 37e0bdd..6090eed 100644
--- a/mgmt/main.c
+++ b/mgmt/main.c
@@ -431,6 +431,11 @@ static void info_rsp(int mgmt_sk, uint16_t op, uint16_t id, uint8_t status,
 		exit(EXIT_FAILURE);
 	}
 
+	if (len < sizeof(*rp)) {
+		fprintf(stderr, "Too small info reply (%u bytes)\n", len);
+		exit(EXIT_FAILURE);
+	}
+
 	ba2str(&rp->bdaddr, addr);
 	printf("hci%u:\ttype %u addr %s\n", id, rp->type, addr);
 	printf("\tclass 0x%02x%02x%02x\n",
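Review bot: The new `if (len < sizeof(*rp))` guard in info_rsp only protects the `rp->bdaddr` and `rp->type` reads below it if `len` is the number of payload bytes actually received, rather than a length taken unchecked from the packet header. The code that supplies `len` is outside this hunk, so confirm there that the declared length is compared with the byte count the socket read returned before the handler is called. A one-line comment above the check would record the intent, for example `/* rp aliases the raw reply buffer: reject short replies before reading any field */`. The same applies to the matching guard added in power_rsp; info_rsp itself starts and ends outside the hunk.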
@@ -517,6 +522,12 @@ static void power_rsp(int mgmt_sk, uint16_t op, uint16_t id, uint8_t status,
 		exit(EXIT_FAILURE);
 	}
 
+	if (len < sizeof(*rp)) {
+		fprintf(stderr, "Too small set_powered response (%u bytes)\n",
+									len);
+		exit(EXIT_FAILURE);
+	}
+
 	printf("hci%u powered %s\n", id, rp->val ? "on" : "off");
 
 	exit(EXIT_SUCCESS);
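Review bot: The size check in power_rsp is a copy of the one added to info_rsp but with different wording ("response" here, "reply" there) and a continuation line for `len` pushed far to the right. Using the same term in both messages lets the call fit on one line: `fprintf(stderr, "Too small set_powered reply (%u bytes)\n", len);`. If other reply handlers in this file read fields through a cast pointer in the same way (they are not visible here), a small static helper that takes the command name, `len` and the expected size would keep the guard from being missed in any of them. power_rsp starts outside the hunk.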