diff options
| author | Marcel Holtmann <marcel@holtmann.org> | 2008-06-24 00:24:08 +0000 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2008-06-24 00:24:08 +0000 |
| commit | bf39ef3c93da52c445a181b840cbd45601979481 (patch) | |
| tree | afe9d6da312adf5ad85dcd37d6cedb0a17d994c0 | |
| parent | 86a2b9551e7352b6f9115c0b057b0d9133079e25 (diff) | |
Use safe PDU extract functions
| -rw-r--r-- | hcid/dbus-database.c | 4 | ||||
| -rw-r--r-- | hcid/dbus-sdp.c | 13 |
2 files changed, 9 insertions, 8 deletions
diff --git a/hcid/dbus-database.c b/hcid/dbus-database.c index c6a689d2..ab88c8f5 100644 --- a/hcid/dbus-database.c +++ b/hcid/dbus-database.c @@ -119,7 +119,7 @@ static DBusMessage *add_service_record(DBusConnection *conn, if (len <= 0) return invalid_arguments(msg); - sdp_record = sdp_extract_pdu(record, &scanned); + sdp_record = sdp_extract_pdu_safe(record, len, &scanned); if (!sdp_record) { error("Parsing of service record failed"); return failed(msg); @@ -263,7 +263,7 @@ static DBusMessage *update_service_record(DBusConnection *conn, if (!user_record) return not_available(msg); - sdp_record = sdp_extract_pdu(bin_record, &scanned); + sdp_record = sdp_extract_pdu_safe(bin_record, size, &scanned); if (!sdp_record) { error("Parsing of service record failed"); return invalid_arguments(msg); diff --git a/hcid/dbus-sdp.c b/hcid/dbus-sdp.c index cf018f1e..441e8233 100644 --- a/hcid/dbus-sdp.c +++ b/hcid/dbus-sdp.c @@ -499,7 +499,7 @@ static void remote_svc_rec_completed_cb(uint8_t type, uint16_t err, dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE_AS_STRING, &array_iter); - rec = sdp_extract_pdu(rsp, &scanned); + rec = sdp_extract_pdu_safe(rsp, size, &scanned); if (rec == NULL || size != scanned) { error("Invalid service record!"); goto done; @@ -562,7 +562,7 @@ static void remote_svc_rec_completed_xml_cb(uint8_t type, uint16_t err, reply = dbus_message_new_method_return(ctxt->rq); - rec = sdp_extract_pdu(rsp, &scanned); + rec = sdp_extract_pdu_safe(rsp, size, &scanned); if (rec == NULL || size != scanned) { error("Invalid service record!"); goto done; @@ -730,7 +730,7 @@ static void remote_svc_identifiers_completed_cb(uint8_t type, uint16_t err, char **identifiers; DBusMessage *reply; GSList *l = NULL; - int scanned, extracted = 0, len = 0, recsize = 0; + int scanned, extracted = 0, len = 0, recsize = 0, bytesleft = size; uint8_t dtd = 0; if (!ctxt) @@ -762,14 +762,15 @@ static void remote_svc_identifiers_completed_cb(uint8_t type, uint16_t err, goto failed; } - scanned = sdp_extract_seqtype(rsp, &dtd, &len); + scanned = sdp_extract_seqtype_safe(rsp, bytesleft, &dtd, &len); rsp += scanned; - for (; extracted < len; rsp += recsize, extracted += recsize) { + bytesleft -= scanned; + for (; extracted < len; rsp += recsize, extracted += recsize, bytesleft -= recsize) { sdp_record_t *rec; sdp_data_t *d; recsize = 0; - rec = sdp_extract_pdu(rsp, &recsize); + rec = sdp_extract_pdu_safe(rsp, bytesleft, &recsize); if (!rec) break; |