[PATCH obexd v3] client: fix parsing of apparam on pbap driver

[PATCH obexd v3] client: fix parsing of apparam on pbap driver

[Luiz Augusto von Dentz]

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Both hdr and size need to be updated otherwise no parameters will be
parsed.
---
v3: fix invalid read caused by updating hdr before size

 client/pbap.c |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/client/pbap.c b/client/pbap.c
index 9e9eb05..8efa568 100644
--- a/client/pbap.c
+++ b/client/pbap.c
@@ -364,8 +364,8 @@ static void read_return_apparam(struct obc_session *session,
 {
 	struct obc_transfer *transfer = obc_session_get_transfer(session);
 	struct obc_transfer_params params;
-	unsigned char *buf;
-	size_t size = 0;
+	struct apparam_hdr *hdr;
+	size_t size;
 
 	*phone_book_size = 0;
 	*new_missed_calls = 0;
@@ -376,9 +376,10 @@ static void read_return_apparam(struct obc_session *session,
 	if (params.size < APPARAM_HDR_SIZE)
 		return;
 
-	while (size > APPARAM_HDR_SIZE) {
-		struct apparam_hdr *hdr = (struct apparam_hdr *) params.data;
+	hdr = (struct apparam_hdr *) params.data;
+	size = params.size;
 
+	while (size > APPARAM_HDR_SIZE) {
 		if (hdr->len > size - APPARAM_HDR_SIZE) {
 			error("Unexpected PBAP pullphonebook app"
 					" length, tag %d, len %d",
@@ -404,8 +405,8 @@ static void read_return_apparam(struct obc_session *session,
 					hdr->tag, hdr->len);
 		}
 
-		buf += APPARAM_HDR_SIZE + hdr->len;
 		size -= APPARAM_HDR_SIZE + hdr->len;
+		hdr += APPARAM_HDR_SIZE + hdr->len;
 	}
 }
 
-- 
1.7.7.5

Re: [PATCH obexd v3] client: fix parsing of apparam on pbap driver

[Johan Hedberg]

Hi Luiz,

On Wed, Jan 18, 2012, Luiz Augusto von Dentz wrote:
> Both hdr and size need to be updated otherwise no parameters will be
> parsed.
> ---
> v3: fix invalid read caused by updating hdr before size
> 
>  client/pbap.c |   11 ++++++-----
>  1 files changed, 6 insertions(+), 5 deletions(-)

Applied. Thanks.

Johan