diff options
-rw-r--r-- | include/sdp_lib.h | 2 | ||||
-rw-r--r-- | src/sdp.c | 8 |
2 files changed, 8 insertions, 2 deletions
diff --git a/include/sdp_lib.h b/include/sdp_lib.h index 64fe5b52..23157c6f 100644 --- a/include/sdp_lib.h +++ b/include/sdp_lib.h @@ -114,7 +114,7 @@ uint16_t sdp_gen_tid(sdp_session_t *session); /* * SDP transaction: functions for asynchronous search. */ -typedef void sdp_callback_t(uint8_t type, uint16_t status, uint8_t *rsp, size_t size, void *udata); +typedef void sdp_callback_t(uint8_t type, int status, uint8_t *rsp, size_t size, void *udata); sdp_session_t *sdp_create(int sk, uint32_t flags); int sdp_set_notify(sdp_session_t *session, sdp_callback_t *func, void *udata); int sdp_service_search_async(sdp_session_t *session, const sdp_list_t *search); @@ -3253,12 +3253,18 @@ int sdp_process(sdp_session_t *session) goto end; } - if (n == 0 || reqhdr->tid != rsphdr->tid || rsphdr->pdu_id == SDP_ERROR_RSP) { + if (n == 0 || reqhdr->tid != rsphdr->tid) err = EPROTO; goto end; } pdata = rspbuf + sizeof(sdp_pdu_hdr_t); + + if (rsphdr->pdu_id == SDP_ERROR_RSP) { + err = ntohs(bt_get_unaligned((uint16_t *) pdata)); + goto end; + } + rsp_count = ntohs(bt_get_unaligned((uint16_t *) pdata)); t->attr_list_len += rsp_count; pdata += sizeof(uint16_t); // pdata points to attribute list |