mirror of
https://github.com/bluekitchen/btstack.git
synced 2025-03-29 22:20:37 +00:00
hci_transport_h4: fix payload size check
This commit is contained in:
parent
6ea073fee9
commit
ea374553cc
@ -437,8 +437,8 @@ static void hci_transport_em9304_spi_block_read(void){
|
||||
|
||||
case H4_W4_EVENT_HEADER:
|
||||
hci_transport_em9304_spi_bytes_to_read = hci_packet[2];
|
||||
// check ACL length
|
||||
if (HCI_EVENT_HEADER_SIZE + hci_transport_em9304_spi_bytes_to_read > HCI_INCOMING_PACKET_BUFFER_SIZE){
|
||||
// check Event length
|
||||
if (bytes_to_read > (HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_EVENT_HEADER_SIZE)){
|
||||
log_error("invalid Event len %d - only space for %u", hci_transport_em9304_spi_bytes_to_read, HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_EVENT_HEADER_SIZE);
|
||||
hci_transport_em9304_spi_reset_statemachine();
|
||||
break;
|
||||
@ -449,7 +449,7 @@ static void hci_transport_em9304_spi_block_read(void){
|
||||
case H4_W4_ACL_HEADER:
|
||||
hci_transport_em9304_spi_bytes_to_read = little_endian_read_16( hci_packet, 3);
|
||||
// check ACL length
|
||||
if (HCI_ACL_HEADER_SIZE + hci_transport_em9304_spi_bytes_to_read > HCI_INCOMING_PACKET_BUFFER_SIZE){
|
||||
if (bytes_to_read > (HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_ACL_HEADER_SIZE)){
|
||||
log_error("invalid ACL payload len %d - only space for %u", hci_transport_em9304_spi_bytes_to_read, HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_ACL_HEADER_SIZE);
|
||||
hci_transport_em9304_spi_reset_statemachine();
|
||||
break;
|
||||
|
@ -140,8 +140,8 @@ static void (*packet_handler)(uint8_t packet_type, uint8_t *packet, uint16_t si
|
||||
|
||||
// packet reader state machine
|
||||
static H4_STATE h4_state;
|
||||
static int bytes_to_read;
|
||||
static int read_pos;
|
||||
static uint16_t bytes_to_read;
|
||||
static uint16_t read_pos;
|
||||
|
||||
// incoming packet buffer
|
||||
static uint8_t hci_packet_with_pre_buffer[HCI_INCOMING_PRE_BUFFER_SIZE + HCI_INCOMING_PACKET_BUFFER_SIZE + 1]; // packet type + max(acl header + acl payload, event header + event data)
|
||||
@ -225,7 +225,7 @@ static void hci_transport_h4_block_read(void){
|
||||
case H4_W4_EVENT_HEADER:
|
||||
bytes_to_read = hci_packet[2];
|
||||
// check Event length
|
||||
if (HCI_EVENT_HEADER_SIZE + bytes_to_read > HCI_INCOMING_PACKET_BUFFER_SIZE){
|
||||
if (bytes_to_read > (HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_EVENT_HEADER_SIZE)){
|
||||
log_error("hci_transport_h4: invalid Event len %d - only space for %u", bytes_to_read, HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_EVENT_HEADER_SIZE);
|
||||
hci_transport_h4_reset_statemachine();
|
||||
break;
|
||||
@ -236,7 +236,7 @@ static void hci_transport_h4_block_read(void){
|
||||
case H4_W4_ACL_HEADER:
|
||||
bytes_to_read = little_endian_read_16( hci_packet, 3);
|
||||
// check ACL length
|
||||
if (HCI_ACL_HEADER_SIZE + bytes_to_read > HCI_INCOMING_PACKET_BUFFER_SIZE){
|
||||
if (bytes_to_read > (HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_ACL_HEADER_SIZE)){
|
||||
log_error("hci_transport_h4: invalid ACL payload len %d - only space for %u", bytes_to_read, HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_ACL_HEADER_SIZE);
|
||||
hci_transport_h4_reset_statemachine();
|
||||
break;
|
||||
@ -247,7 +247,7 @@ static void hci_transport_h4_block_read(void){
|
||||
case H4_W4_SCO_HEADER:
|
||||
bytes_to_read = hci_packet[3];
|
||||
// check SCO length
|
||||
if (HCI_SCO_HEADER_SIZE + bytes_to_read > HCI_INCOMING_PACKET_BUFFER_SIZE){
|
||||
if (bytes_to_read > (HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_SCO_HEADER_SIZE)){
|
||||
log_error("hci_transport_h4: invalid SCO payload len %d - only space for %u", bytes_to_read, HCI_INCOMING_PACKET_BUFFER_SIZE - HCI_SCO_HEADER_SIZE);
|
||||
hci_transport_h4_reset_statemachine();
|
||||
break;
|
||||
|
Loading…
x
Reference in New Issue
Block a user