From: James Courtier-Dutton <James@superbug.demon.co.uk>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: BlueZ Mailing List <bluez-devel@lists.sourceforge.net>
Subject: Re: [Bluez-devel] [PATCH] Fix some bugs in hcidump.
Date: Mon, 23 Feb 2004 15:04:51 +0000 [thread overview]
Message-ID: <403A1693.1060909@superbug.demon.co.uk> (raw)
In-Reply-To: <1077545085.13454.1.camel@pegasus>
[-- Attachment #1: Type: text/plain, Size: 359 bytes --]
Marcel Holtmann wrote:
>>Do you want me to resubmit the patch as a "cvs -u diff" ?
>
>
> yes. And please remove the initial assignment of len.
>
> Regards
>
> Marcel
>
>
See attached patch.
I have also added some extra checks so that the while loops will not go
mad if there is a badly formed packet. I.E. n,n1,n2 get given bad values.
Cheers
James
[-- Attachment #2: hcidump-fix-sdp.patch --]
[-- Type: text/x-patch, Size: 2136 bytes --]
Index: hcidump/parser/sdp.c
===================================================================
RCS file: /cvsroot/bluez/hcidump/parser/sdp.c,v
retrieving revision 1.22
diff -u -r1.22 sdp.c
--- hcidump/parser/sdp.c 1 Sep 2003 15:09:06 -0000 1.22
+++ hcidump/parser/sdp.c 23 Feb 2004 14:44:00 -0000
@@ -279,7 +279,7 @@
static inline void print_des(uint8_t de_type, int level, int n, struct frame *frm, int *split)
{
int len = frm->len;
- while (len - frm->len < n )
+ while ( (len - frm->len < n) && (frm->len > 0) )
print_de(level, frm, split);
}
@@ -328,7 +328,7 @@
static inline void print_srv_srch_pat(int level, struct frame *frm)
{
- int len = frm->len;
+ int len;
int n1;
int n2;
@@ -336,7 +336,8 @@
printf("pat");
if (parse_de_hdr(frm, &n1) == SDP_DE_SEQ) {
- while (len - frm->len <= n1 ) {
+ len = frm->len;
+ while ( (len - frm->len < n1) && (frm->len > 0) ) {
if (parse_de_hdr(frm,&n2) == SDP_DE_UUID) {
print_uuid(n2, frm);
} else {
@@ -356,14 +357,15 @@
{
uint16_t attr_id;
uint32_t attr_id_range;
- int len = frm->len;
+ int len;
int n1, n2;
p_indent(level, frm);
printf("aid(s)");
if (parse_de_hdr(frm, &n1) == SDP_DE_SEQ) {
- while (len - frm->len <= n1 ) {
+ len = frm->len;
+ while ( (len - frm->len < n1) && (frm->len > 0) ) {
/* Print AttributeID */
if (parse_de_hdr(frm, &n2) == SDP_DE_UINT) {
char *name;
@@ -398,10 +400,11 @@
{
uint16_t attr_id;
int n1, n2, split;
- int len = frm->len;
+ int len;
if (parse_de_hdr(frm, &n1) == SDP_DE_SEQ) {
- while (len - frm->len < n1 ) {
+ len = frm->len;
+ while ( (len - frm->len < n1) && (frm->len > 0) ) {
/* Print AttributeID */
if (parse_de_hdr(frm, &n2) == SDP_DE_UINT && n2 == sizeof(attr_id)) {
char *name;
@@ -437,8 +440,7 @@
int cnt = 0;
if (parse_de_hdr(frm, &n) == SDP_DE_SEQ) {
-// printf(" len 0x%x frm->len 0x%x n 0x%x\n", len, frm->len, n);
- while (len - frm->len < n ) {
+ while ( (len - frm->len < n) && (frm->len > 0) ) {
p_indent(level, 0);
printf("srv rec #%d\n", cnt++);
print_attr_list(level+1, frm);
next prev parent reply other threads:[~2004-02-23 15:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-02-23 3:18 [Bluez-devel] [PATCH] Fix some bugs in hcidump James Courtier-Dutton
2004-02-23 7:42 ` Marcel Holtmann
2004-02-23 13:41 ` James Courtier-Dutton
2004-02-23 14:04 ` Marcel Holtmann
2004-02-23 15:04 ` James Courtier-Dutton [this message]
2004-02-23 17:39 ` Marcel Holtmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=403A1693.1060909@superbug.demon.co.uk \
--to=james@superbug.demon.co.uk \
--cc=bluez-devel@lists.sourceforge.net \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox