From ff78cb83a12dc6d4ca82b684403fa6b700adaa41 Mon Sep 17 00:00:00 2001
From: Johan Hedberg <johan.hedberg@intel.com>
Date: Wed, 29 Jun 2011 16:00:51 +0300
Subject: [PATCH] gobex: Fix length checks in packet decoding

---
 gobex/gobex-packet.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/gobex/gobex-packet.c b/gobex/gobex-packet.c
index 94b302454..a74b129b1 100644
--- a/gobex/gobex-packet.c
+++ b/gobex/gobex-packet.c
@@ -194,7 +194,7 @@ GObexPacket *g_obex_packet_decode(const void *data, gsize len,
 		return NULL;
 	}
 
-	if (len < 3) {
+	if (len < 3 + header_offset) {
 		g_set_error(err, G_OBEX_ERROR, G_OBEX_ERROR_PARSE_ERROR,
 					"Not enough data to decode packet");
 		return NULL;
@@ -219,17 +219,11 @@ GObexPacket *g_obex_packet_decode(const void *data, gsize len,
 	if (header_offset == 0)
 		goto headers;
 
-	if (3 + header_offset < len) {
-		g_set_error(err, G_OBEX_ERROR, G_OBEX_ERROR_PARSE_ERROR,
-					"Too short packet");
-		goto failed;
-	}
-
 	g_obex_packet_set_data(pkt, buf, header_offset, data_policy);
 	buf += header_offset;
 
 headers:
-	if (!parse_headers(pkt, buf, len - (buf - (guint8 *) data),
+	if (!parse_headers(pkt, buf, len - (3 + header_offset),
 							data_policy, err))
 		goto failed;
 
-- 
2.47.3