linux-bluetooth.vger.kernel.org archive mirror
From: Bart Westgeest <bart@elbrys.com>
To: linux-bluetooth@vger.kernel.org
Cc: Bart Westgeest <bart@elbrys.com>
Subject: [PATCH 3/3] sdp: Upgrade datatype SEQ8 to SEQ16 when data size is greater than 256
Date: Mon, 19 Nov 2012 14:04:32 -0500
Message-ID: <1353351872-10628-4-git-send-email-bart@elbrys.com>
In-Reply-To: <1353351872-10628-1-git-send-email-bart@elbrys.com>

Fixes a bug where the complete sequence data is written, but the size
is truncated to one byte.
---
 lib/sdp.c |   18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/lib/sdp.c b/lib/sdp.c
index 026163e..ceb1192 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -786,23 +786,29 @@ static int sdp_gen_buffer(sdp_buf_t *buf, sdp_data_t *d)
 
 int sdp_gen_pdu(sdp_buf_t *buf, sdp_data_t *d)
 {
-	uint32_t pdu_size = 0, data_size = 0;
+	uint32_t pdu_size, data_size;
 	unsigned char *src = NULL, is_seq = 0, is_alt = 0;
-	uint8_t dtd = d->dtd;
 	uint16_t u16;
 	uint32_t u32;
 	uint64_t u64;
 	uint128_t u128;
 	uint8_t *seqp = buf->data + buf->data_size;
+	uint32_t orig_data_size = buf->data_size;
 
-	pdu_size = sdp_get_data_type_size(dtd);
+recalculate:
+	pdu_size = sdp_get_data_type_size(d->dtd);
 	buf->data_size += pdu_size;
 
 	data_size = sdp_get_data_size(buf, d);
+	if (data_size > UCHAR_MAX && d->dtd == SDP_SEQ8) {
+		buf->data_size = orig_data_size;
+		d->dtd = SDP_SEQ16;
+		goto recalculate;
+	}
 
-	*seqp = dtd;
+	*seqp = d->dtd;
 
-	switch (dtd) {
+	switch (d->dtd) {
 	case SDP_DATA_NIL:
 		break;
 	case SDP_UINT8:
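Review bot: the promotion at `if (data_size > UCHAR_MAX && d->dtd == SDP_SEQ8)` writes `d->dtd = SDP_SEQ16` into the caller's sdp_data_t, so generating a PDU now changes the record it was handed, and with the local `dtd` removed there is no unmodified copy left. If that is intended, say so in the commit message or in a comment above the `recalculate:` label; if not, keep the local `dtd`, promote that instead, and leave `d` untouched (provided sdp_get_data_size() does not itself depend on `d->dtd`, which these lines do not show). The check is also specific to SDP_SEQ8: nothing here covers a SEQ16 whose data_size no longer fits in two bytes, and the `is_alt` flag in the declarations suggests alternatives go through the same path, so please confirm whether SDP_ALT8 needs the matching promotion. The backward `goto` is safe only because `seqp` is taken before the label and `buf->data_size` is restored from `orig_data_size`; a one-line comment stating that would keep a later edit from breaking it. Minor: the subject says "greater than 256" while the test is `> UCHAR_MAX`, which already triggers at 256; the code is right, the subject is off by one.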
@@ -884,7 +890,7 @@ int sdp_gen_pdu(sdp_buf_t *buf, sdp_data_t *d)
 		if (src && buf->buf_size >= buf->data_size + data_size) {
 			memcpy(buf->data + buf->data_size, src, data_size);
 			buf->data_size += data_size;
-		} else if (dtd != SDP_DATA_NIL) {
+		} else if (d->dtd != SDP_DATA_NIL) {
 			SDPDBG("Gen PDU : Can't copy from invalid source or dest\n");
 		}
 	}
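Review bot: in the `else if (d->dtd != SDP_DATA_NIL)` branch the only visible reaction to a NULL `src` or to `buf->buf_size < buf->data_size + data_size` is the SDPDBG message, and the promoted SEQ16 header makes the second condition slightly easier to hit because the length field now takes one more byte. As far as these lines show, nothing is copied and no error is reported, so a caller could go on to use a buffer whose header and payload do not agree, which is the same kind of corruption this series is fixing. Consider returning an error from this branch, or resetting `buf->data_size` to its value on entry, rather than only logging.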
-- 
1.7.10.4


Thread overview: 9+ messages
2012-11-19 19:04 [PATCH 0/3] Fix corrupted SDP response for sequence size > 256 Bart Westgeest
2012-11-19 19:04 ` [PATCH 1/3] sdp: Inlined single use of function sdp_set_data_type Bart Westgeest
2012-11-19 19:04 ` [PATCH 2/3] sdp: Limit side effects of sdp_get_data_type and sdp_get_data_size Bart Westgeest
2012-11-19 20:24   ` Anderson Lizardo
2012-11-19 21:06     ` Bart Westgeest
2012-11-19 19:04 ` Bart Westgeest [this message]
2012-11-19 20:38   ` [PATCH 3/3] sdp: Upgrade datatype SEQ8 to SEQ16 when data size is greater than 256 Anderson Lizardo
2012-11-19 21:33     ` Bart Westgeest
2012-11-20 12:57 ` [PATCH 0/3] Fix corrupted SDP response for sequence size > 256 Johan Hedberg
