From 13ba9a3622b20c9a4a8201078bd285be2789c6a7 Mon Sep 17 00:00:00 2001
From: Andrzej Kaczmarek
Date: Thu, 17 Apr 2014 01:10:32 +0200
Subject: [PATCH] android/gatt: Add IPC message verification for service_search
---
 android/gatt.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/android/gatt.c b/android/gatt.c
index aa258f195..e33978981 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -1458,6 +1458,13 @@ static void handle_client_search_service(const void *buf, uint16_t len)
 DBG("");
+ if (len != sizeof(*cmd) + (cmd->filtered ? 16 : 0)) {
+ error("Invalid search service size (%u bytes), terminating", len);
+ raise(SIGTERM);
+ return;
+ }
+
 dev = find_device_by_conn_id(cmd->conn_id);
 if (!dev) {
 error("gatt: dev with conn_id=%d not found", cmd->conn_id);
-- 
2.47.3
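Review bot: The added length check reads `cmd->filtered` before it has established that `len` covers the fixed part of the command, so an IPC message shorter than `sizeof(*cmd)` is still dereferenced past the end of `buf` before it is rejected (assuming `cmd` points at `buf`, as the hunk's use of it suggests). Guard the fixed size first so the field is only read once it is known to be inside the message: `if (len < sizeof(*cmd) || len != sizeof(*cmd) + (cmd->filtered ? 16 : 0)) {`. The bare `16` is presumably the length of the optional 128-bit UUID filter; a named constant or a comment such as `/* optional 128-bit filter UUID follows the fixed header */` would make the check self-documenting. `cmd` and `dev` are declared before the hunk, and handle_client_search_service continues past its last line.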