From 90fb3a75e35420f5c86a1b8663735083c180c55f Mon Sep 17 00:00:00 2001
From: Szymon Janc <szymon.janc@gmail.com>
Date: Fri, 24 Jan 2014 19:46:33 +0100
Subject: [PATCH] android/bluetooth: Check event length in
 mgmt_auth_failed_event

---
 android/bluetooth.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/android/bluetooth.c b/android/bluetooth.c
index fbe845831..ce69459d4 100644
--- a/android/bluetooth.c
+++ b/android/bluetooth.c
@@ -1280,6 +1280,11 @@ static void mgmt_auth_failed_event(uint16_t index, uint16_t length,
 {
 	const struct mgmt_ev_auth_failed *ev = param;
 
+	if (length < sizeof(*ev)) {
+		error("Too small auth failed mgmt event (%u bytes)", length);
+		return;
+	}
+
 	DBG("");
 
 	set_device_bond_state(&ev->addr.bdaddr, status_mgmt2hal(ev->status),
-- 
2.47.3