From ba1e1810cdff79107a407a1c529f870bcbf5ff58 Mon Sep 17 00:00:00 2001
From: Jakub Tyszkowski
Date: Fri, 26 Sep 2014 12:04:15 +0200
Subject: [PATCH] android/handsfree-client: Verify variable length data received from IPC

Dial uses variable length data, check if we received as much as was declared. This fixes two negative ipc-tester cases for hfp-client dial api call not passing.
---
 android/handsfree-client.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/android/handsfree-client.c b/android/handsfree-client.c
index be2995222..773ef761b 100644
--- a/android/handsfree-client.c
+++ b/android/handsfree-client.c
@@ -97,6 +97,15 @@ static void handle_volume_control(const void *buf, uint16_t len)
 static void handle_dial(const void *buf, uint16_t len)
 {
+ const struct hal_cmd_hf_client_dial *cmd = buf;
+
+ if (len != sizeof(*cmd) + cmd->number_len) {
+ error("Malformed number data, size (%u bytes), terminating",
+ len);
+ raise(SIGTERM);
+ return;
+ }
+
+ DBG("Not Implemented");
 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HANDSFREE_CLIENT, HAL_OP_HF_CLIENT_DIAL, HAL_STATUS_UNSUPPORTED);
--
2.47.3
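Review bot: The new length check in handle_dial reads `cmd->number_len` before anything visible in this hunk establishes that `len` covers the fixed part of `struct hal_cmd_hf_client_dial`, so a message shorter than the header would be read past its end while it is being validated. Unless the IPC dispatcher already rejects variable-length commands below their minimum size (not visible here), the guard should test that first: `if (len < sizeof(*cmd) || len != sizeof(*cmd) + cmd->number_len) {`. If the dispatcher does guarantee it, a one-line comment such as `/* ipc layer guarantees len >= sizeof(*cmd) */` would record why the dereference is safe. The check also only proves the byte count, so once dial is implemented the number should be handled as a length-bounded buffer rather than assumed NUL-terminated. handle_dial's closing brace lies outside the hunk.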