From a48d9dedf2bf9aabf0b9d3d5f1386e5d6770b2f2 Mon Sep 17 00:00:00 2001
From: Johan Hedberg
Date: Thu, 6 Oct 2011 12:36:49 +0300
Subject: [PATCH] hcidump: Fix crash with invalid L2CAP frame sizes

Reported by Jukka Taimisto
---
 tools/parser/l2cap.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/parser/l2cap.c b/tools/parser/l2cap.c
index fa41f2ab3..9fad9bee2 100644
--- a/tools/parser/l2cap.c
+++ b/tools/parser/l2cap.c
@@ -1094,6 +1094,12 @@ void l2cap_dump(int level, struct frame *frm)
 hdr = frm->ptr;
 dlen = btohs(hdr->len);
 
+ if (dlen + L2CAP_HDR_SIZE < (int) frm->len) {
+ /* invalid frame */
+ raw_dump(level,frm);
+ return;
+ }
+
 if ((int) frm->len == (dlen + L2CAP_HDR_SIZE)) {
 /* Complete frame */
 l2cap_parse(level, frm);
-- 
2.47.3
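Review bot: The added check runs only after `hdr->len` has already been read through `frm->ptr`, so a frame shorter than the L2CAP header is still not rejected. With `frm->len` below `L2CAP_HDR_SIZE`, the comparison `dlen + L2CAP_HDR_SIZE < (int) frm->len` is false and parsing continues with a `dlen` taken from bytes past the captured data. Unless a line outside this hunk already guarantees the header is present, add a guard before the read, for example `if ((int) frm->len < L2CAP_HDR_SIZE) { raw_dump(level, frm); return; }`. The comment would also be more useful if it named the condition, e.g. `/* declared L2CAP length is shorter than the captured data */`. l2cap_dump starts and ends outside the hunk, so whether such a guard already exists upstream of these lines cannot be confirmed from here.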