Bluetooth: Prevent buffer overflow for large advertisement data
authorChriz Chow <cmcvista@gmail.com>
Fri, 20 Apr 2018 07:46:24 +0000 (15:46 +0800)
committerMarcel Holtmann <marcel@holtmann.org>
Fri, 18 May 2018 04:37:51 +0000 (06:37 +0200)
commitee6493462f74013c6f365429401b716500aff838
tree29fed836bb393f20e99c2e3c9f3876db58602144
parent2cc6d0794cbab470b2d82d5a7547c865fd61e0f3
Bluetooth: Prevent buffer overflow for large advertisement data

There are some controllers sending out advertising data with illegal
length value which is longer than HCI_MAX_AD_LENGTH, causing the
buffer last_adv_data overflows. To avoid these controllers from
overflowing the buffer, we do not process the advertisement data
if its length is incorrect.

Signed-off-by: Chriz Chow <chriz.chow@aminocom.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
net/bluetooth/hci_event.c