diff options
| author | Johan Hedberg <johan.hedberg@intel.com> | 2016-02-12 14:30:47 +0200 |
|---|---|---|
| committer | Johan Hedberg <johan.hedberg@intel.com> | 2016-02-12 17:10:42 +0200 |
| commit | c3ba08c55283620d4618c298b1a4ec6f14469394 (patch) | |
| tree | 7cc31f80bd9491ea8136e746d29524b763bf52f1 /drivers/nble | |
| parent | ed8c6b361f1ef64b98541b45f5cd9c4579d720a0 (diff) | |
drivers/nble: Add proper boundary checks for function tables
We should just discard the data if the received table index goes
beyond the actual table size.
Change-Id: I267621f098e349abab5a1f37f485a28448a9396b
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Diffstat (limited to 'drivers/nble')
| -rw-r--r-- | drivers/nble/rpc_deserialize.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/drivers/nble/rpc_deserialize.c b/drivers/nble/rpc_deserialize.c index 753a08ae5..9f165d8c7 100644 --- a/drivers/nble/rpc_deserialize.c +++ b/drivers/nble/rpc_deserialize.c @@ -478,49 +478,49 @@ void rpc_deserialize(struct net_buf *buf) switch (sig_type) { case SIG_TYPE_NONE: - if (sizeof(m_fct_none)) { + if (fn_index < ARRAY_SIZE(m_fct_none)) { BT_DBG("%s", debug_func_none[fn_index]); deserialize_none(fn_index, buf); } break; case SIG_TYPE_S: - if (sizeof(m_fct_s)) { + if (fn_index < ARRAY_SIZE(m_fct_s)) { BT_DBG("%s", debug_func_s[fn_index]); deserialize_s(fn_index, buf); } break; case SIG_TYPE_P: - if (sizeof(m_fct_p)) { + if (fn_index < ARRAY_SIZE(m_fct_p)) { BT_DBG("%s", debug_func_p[fn_index]); deserialize_p(fn_index, buf); } break; case SIG_TYPE_S_B: - if (sizeof(m_fct_s_b)) { + if (fn_index < ARRAY_SIZE(m_fct_s_b)) { BT_DBG("%s", debug_func_s_b[fn_index]); deserialize_s_b(fn_index, buf); } break; case SIG_TYPE_B_B_P: - if (sizeof(m_fct_b_b_p)) { + if (fn_index < ARRAY_SIZE(m_fct_b_b_p)) { BT_DBG("%s", debug_func_b_b_p[fn_index]); deserialize_b_b_p(fn_index, buf); } break; case SIG_TYPE_S_P: - if (sizeof(m_fct_s_p)) { + if (fn_index < ARRAY_SIZE(m_fct_s_p)) { BT_DBG("%s", debug_func_s_p[fn_index]); deserialize_s_p(fn_index, buf); } break; case SIG_TYPE_S_B_P: - if (sizeof(m_fct_s_b_p)) { + if (fn_index < ARRAY_SIZE(m_fct_s_b_p)) { BT_DBG("%s", debug_func_s_b_p[fn_index]); deserialize_s_b_p(fn_index, buf); } break; case SIG_TYPE_S_B_B_P: - if (sizeof(m_fct_s_b_b_p)) { + if (fn_index < ARRAY_SIZE(m_fct_s_b_b_p)) { BT_DBG("%s", debug_func_s_b_b_p[fn_index]); deserialize_s_b_b_p(fn_index, buf); } |