diff options
| author | Vinicius Costa Gomes <vcgomes@gmail.com> | 2016-08-10 19:14:28 -0300 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2016-08-12 10:53:04 +0300 |
| commit | 7641fc83a9a790b761b0c14852156a6651b7fc34 (patch) | |
| tree | 771a1d48eebf40b49d915eee65a5f1067d0ff3b4 /src/sdpd-server.c | |
| parent | 375d02473fb7f8b90e39bc79001ab6f97a81bd3b (diff) | |
| download | bluez-7641fc83a9a790b761b0c14852156a6651b7fc34.tar.gz | |
core: Fix wrong expectations for the return of recv()
Since commit b5f34f9420b50 "Bluetooth: Fix bt_sock_recvmsg return value"
in the kernel, Bluetooth sockets of type SOCK_SEQPACKET, when read()
will return the size of the packet received, which can be larger than
the the buffer passed by user space.
In this case the problem was causing a disconnection soon after
the reception of an SDP request.
Reported by: Alban Browaeys <prahal@yahoo.com>
Diffstat (limited to 'src/sdpd-server.c')
| -rw-r--r-- | src/sdpd-server.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/sdpd-server.c b/src/sdpd-server.c index c863508df..54de39353 100644 --- a/src/sdpd-server.c +++ b/src/sdpd-server.c @@ -164,7 +164,7 @@ static gboolean io_session_event(GIOChannel *chan, GIOCondition cond, gpointer d } len = recv(sk, &hdr, sizeof(sdp_pdu_hdr_t), MSG_PEEK); - if (len != sizeof(sdp_pdu_hdr_t)) { + if (len < 0 || (unsigned int) len < sizeof(sdp_pdu_hdr_t)) { sdp_svcdb_collect_all(sk); return FALSE; } |