Add lower bound check for manufacturer_data_len (Fix WGID: 311536)

author Atul Rai <a.rai@samsung.com>

Tue, 20 Mar 2018 10:17:05 +0000 (15:47 +0530)

committer Atul Rai <a.rai@samsung.com>

Tue, 20 Mar 2018 10:26:19 +0000 (10:26 +0000)
author Atul Rai <a.rai@samsung.com>
Tue, 20 Mar 2018 10:17:05 +0000 (15:47 +0530)
committer Atul Rai <a.rai@samsung.com>
Tue, 20 Mar 2018 10:26:19 +0000 (10:26 +0000)
diff --git a/src/device.c b/src/device.c

index 7310053..b51d8ed 100644 (file)
--- a/src/device.c
+++ b/src/device.c
@@ -4675,6 +4675,12 @@ static void load_info(struct btd_device *device, const char *local,
                 device->manufacturer_data_len = strtol(str, NULL, 10);
                 g_free(str);
  
+               if (0 > device->manufacturer_data_len) {
+                       error("Invalid manufacturer_data_len: %d",
+                                       device->manufacturer_data_len);
+                       device->manufacturer_data_len = 0;
+               }
+
                 str = g_key_file_get_string(key_file, "General", "ManufacturerData", NULL);
                 if (str) {
                         if (device->manufacturer_data_len < DEV_MAX_MANUFACTURER_DATA_LEN) {
author	Atul Rai <a.rai@samsung.com>
	Tue, 20 Mar 2018 10:17:05 +0000 (15:47 +0530)
committer	Atul Rai <a.rai@samsung.com>
	Tue, 20 Mar 2018 10:26:19 +0000 (10:26 +0000)