From 7ad34bdbb967b1d17d32a8b2e3527fda0d9be734 Mon Sep 17 00:00:00 2001
From: Lukasz Rymanowski
Date: Tue, 8 Apr 2014 11:22:25 +0200
Subject: [PATCH] android/gatt: Add msg size check for get included service

---
 android/gatt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/android/gatt.c b/android/gatt.c
index f9d678c9e..3bac0fea5 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -1264,6 +1264,13 @@ static void handle_client_get_included_service(const void *buf, uint16_t len)

 DBG("");

+ if (len != sizeof(*cmd) + (cmd->number * sizeof(cmd->srvc_id[0]))) {
+ error("Invalid get incl services size (%u bytes), terminating",
+ len);
+ raise(SIGTERM);
+ return;
+ }
+
 device = find_device_by_conn_id(cmd->conn_id);
 if (!device) {
 status = HAL_STATUS_FAILED;
-- 
2.47.3
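Review bot: The added length check reads `cmd->number` before anything in this hunk establishes that `len` covers the fixed part of the command, so a message shorter than `sizeof(*cmd)` would be read past its end unless the IPC dispatcher already enforces a minimum size (not visible here). Putting the bound first makes the handler safe on its own: `if (len < sizeof(*cmd) || len != sizeof(*cmd) + (cmd->number * sizeof(cmd->srvc_id[0]))) {`. A `number` of 0 also satisfies the equality, so any later unconditional use of `cmd->srvc_id[0]` would need its own guard. The function body starts and ends outside the hunk, so that should be checked against the rest of the handler.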