Skip to content
Commit 52453075 authored by Lyle Zhu's avatar Lyle Zhu Committed by Benjamin Cabé
Browse files

Bluetooth: GATT: Check len of response before parsing response PDU 



In function `parse_read_by_uuid()`, the response length is not checked
before parsing the response PDU. There is a potential issue that the
`len` will be underflowed if the `len` is less than the size of
`struct bt_att_data`.

Check the length before parsing the response PDU. If the length is less
then the size of `struct bt_att_data`, notify the upper layer with the
error `BT_ATT_ERR_INVALID_PDU` and stop the parsing.

Signed-off-by: default avatarLyle Zhu <lyle.zhu@nxp.com>
parent 7f945957
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment

CRA Git | Maintained and supported by SUSTech CRA and CCSE