author | Marcel Holtmann <marcel@holtmann.org> | 2015-10-20 22:07:19 +0200 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2015-10-20 22:07:19 +0200 |
commit | e97975afd1e051d77acd870b4f0736b7aac5f60d (patch) | |
tree | 451ddda17dd8bbe821994247eef3079d49de74b3 | |
parent | c6655ce871d4c963c11cab5408fab74e12bfc008 (diff) | |
download | bluez-e97975afd1e051d77acd870b4f0736b7aac5f60d.tar.gz |
monitor: Check length when decoding extended LMP opcodes
-rw-r--r-- | monitor/lmp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/monitor/lmp.c b/monitor/lmp.c
index d246776a1..e7e6b25fc 100644
--- a/monitor/lmp.c
+++ b/monitor/lmp.c
@@ -852,6 +852,11 @@ void lmp_packet(const void *data, uint8_t size, bool padded)
 switch (opcode) {
 case 127:
+ if (size < 2) {
+ print_text(COLOR_ERROR, "extended opcode too short");
+ packet_hexdump(data, size);
+ return;
+ }
 opcode = LMP_ESC4(((const uint8_t *) data)[1]);
 off = 2;
 break; |
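Review bot: The new `size < 2` guard in `case 127` protects only the read of byte 1; the `opcode` being switched on is computed above this hunk, presumably from byte 0 of `data`, and nothing visible here shows that `size == 0` is rejected before that first read. Since the monitor decodes packet contents it does not control, it is worth confirming that the caller or the top of `lmp_packet` handles an empty payload, for example `if (size < 1) { packet_hexdump(data, size); return; }` ahead of the first dereference. A short comment on the guard, such as `/* escape 4: extended opcode is carried in byte 1 */`, would also explain why 2 is the minimum length here. The body of `lmp_packet` starts and ends outside the hunk, so the earlier reads could not be checked from this page.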