summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2008-06-24 00:22:20 +0000
committerMarcel Holtmann <marcel@holtmann.org>2008-06-24 00:22:20 +0000
commit86a2b9551e7352b6f9115c0b057b0d9133079e25 (patch)
treee739b2fb2de349383e76a2d64066f89cf80810c6
parent9e198552165e2e473a9cb6792a70fe85fecbc987 (diff)
Use the safe versions for SDP record extraction
-rw-r--r--common/glib-helper.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/common/glib-helper.c b/common/glib-helper.c
index eab30b5e..931b99a5 100644
--- a/common/glib-helper.c
+++ b/common/glib-helper.c
@@ -115,7 +115,7 @@ static void search_completed_cb(uint8_t type, uint16_t status,
{
struct search_context *ctxt = user_data;
sdp_list_t *recs = NULL;
- int scanned, seqlen = 0;
+ int scanned, seqlen = 0, bytesleft = size;
uint8_t dataType;
int err = 0;
@@ -124,17 +124,18 @@ static void search_completed_cb(uint8_t type, uint16_t status,
goto done;
}
- scanned = sdp_extract_seqtype(rsp, &dataType, &seqlen);
+ scanned = sdp_extract_seqtype_safe(rsp, bytesleft, &dataType, &seqlen);
if (!scanned || !seqlen)
goto done;
rsp += scanned;
+ bytesleft -= scanned;
do {
sdp_record_t *rec;
int recsize;
recsize = 0;
- rec = sdp_extract_pdu(rsp, &recsize);
+ rec = sdp_extract_pdu_safe(rsp, bytesleft, &recsize);
if (!rec)
break;
@@ -145,9 +146,10 @@ static void search_completed_cb(uint8_t type, uint16_t status,
scanned += recsize;
rsp += recsize;
+ bytesleft -= recsize;
recs = sdp_list_append(recs, rec);
- } while (scanned < size);
+ } while (scanned < size && bytesleft > 0);
done:
sdp_close(ctxt->session);