From e320320c372e884645a3e1eb5d69a05ce623b475 Mon Sep 17 00:00:00 2001 From: Johan Hedberg Date: Tue, 28 Jan 2014 20:15:36 +0200 Subject: [PATCH] core: Fix rejecting ATT packets greater than the negotiated MTU --- src/attrib-server.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/attrib-server.c b/src/attrib-server.c index 1c088dfad..351b7fe35 100644 --- a/src/attrib-server.c +++ b/src/attrib-server.c @@ -987,6 +987,12 @@ static void channel_handler(const uint8_t *ipdu, uint16_t len, DBG("op 0x%02x", ipdu[0]); + if (len > vlen) { + error("Too much data on ATT socket"); + status = ATT_ECODE_INVALID_PDU; + goto done; + } + switch (ipdu[0]) { case ATT_OP_READ_BY_GROUP_REQ: length = dec_read_by_grp_req(ipdu, len, &start, &end, &uuid); -- 2.47.3