Skip to content
Commit 8c2965e0 authored by Aleksandr Khromykh's avatar Aleksandr Khromykh Committed by Christopher Friedt
Browse files

Bluetooth: Mesh: add check for rx buffer overflow in pb adv 



There is potential buffer overflow in pb adv.
If Transaction Continuation PDU comes before
Transaction Start PDU the last segment number is set to 0xff.
The current implementation has a strictly limited buffer size.
It is possible to receive malformed frame with wrong segment
number. All segments with number 2 and above will be stored
in the memory behind Rx buffer.

Signed-off-by: default avatarAleksandr Khromykh <Aleksandr.Khromykh@nordicsemi.no>
(cherry picked from commit 6896075b)
parent 7aa38b4a
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment

CRA Git | Maintained and supported by SUSTech CRA and CCSE