
[BlueZ,1/1] btmon: discard corrupt data

Message ID 20220505033745.3242729-2-LuoZhongYao@gmail.com
State New

Commit Message

LuoZhongYao May 5, 2022, 3:37 a.m. UTC
---
 monitor/control.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

Patch

diff --git a/monitor/control.c b/monitor/control.c
index 009cf15..f256b6a 100644
--- a/monitor/control.c
+++ b/monitor/control.c
@@ -1306,14 +1306,19 @@  static void process_data(struct control_data *data)
 
 		data_len = le16_to_cpu(hdr->data_len);
 
+		if (data_len + 2 > sizeof(data->buf)) {
+			fprintf(stderr, "Received corrupted data from TTY\n");
+			data->offset -= 2;
+			memmove(data->buf, data->buf + 2, data->offset);
+			continue;
+		}
+
 		if (data->offset < 2 + data_len)
 			return;
 
 		if (data->offset < sizeof(*hdr) + hdr->hdr_len) {
 			fprintf(stderr, "Received corrupted data from TTY\n");
-			memmove(data->buf, data->buf + 2 + data_len,
-								data->offset);
-			return;
+			goto _drop;
 		}
 
 		if (!tty_parse_header(hdr->ext_hdr, hdr->hdr_len,
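Review bot: The header check at `if (data->offset < sizeof(*hdr) + hdr->hdr_len)` still measures `hdr_len` against the number of buffered bytes rather than against the frame's own `data_len`, so once bytes of a following frame are already buffered, a frame whose `hdr_len` is larger than its `data_len` allows will pass it. The payload length is computed between the two hunks and is not visible here; if it is derived by subtracting `hdr_len` from `data_len`, it would wrap and `packet_monitor()` would be given a length that runs past the frame. Bounding the header against the frame itself, e.g. `if (2 + data_len < sizeof(*hdr) + hdr->hdr_len) goto _drop;`, would close that, assuming `data_len` counts the bytes after the 2-byte length field as the `2 + data_len` arithmetic suggests. Separately, the new oversize branch prints one message per two discarded bytes, so a long run of garbage on the TTY floods stderr. process_data's body starts before and continues after this hunk.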
@@ -1330,6 +1335,7 @@  static void process_data(struct control_data *data)
 		packet_monitor(tv, NULL, 0, opcode,
 					hdr->ext_hdr + hdr->hdr_len, pktlen);
 
+_drop:
 		data->offset -= 2 + data_len;
 
 		if (data->offset > 0)
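Review bot: The `_drop:` label has no comment saying that the normal path and the corrupt-header path now both arrive here to consume the whole frame, and the leading underscore is unusual for a label. A plain `drop:` with `/* consume this frame: 2-byte length field plus data_len bytes */` above it would make the shared exit easier to follow. The `memmove` that belongs to the trailing `if (data->offset > 0)` lies outside the hunk.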