
Commit 77c6d9f7 authored by Jakub Pawlowski

Check device name length

BT spec limits the length of device name to 248 bytes. With the new
LE advertising packets, that can go up to 1650 bytes long, we must check
the length of device name received.

Bug: 37671082
Test: manual
Change-Id: Iad309d638003c2391014c9764605d84ed5717cb1
parent 5153b3f9
+11 −1
@@ -160,8 +160,18 @@ void bta_scan_results_cb_impl(bt_bdaddr_t bd_addr, tBT_DEVICE_TYPE device_type,
      btif_gattc_add_remote_bdaddr(bd_addr.address, addr_type);

      if (p_eir_remote_name) {
        if (remote_name_len > BD_NAME_LEN + 1 ||
            (remote_name_len == BD_NAME_LEN + 1 &&
             p_eir_remote_name[BD_NAME_LEN] != '\0')) {
          LOG_INFO(LOG_TAG,
                   "%s dropping invalid packet - device name too long: %d",
                   __func__, remote_name_len);
          return;
        }

        bt_bdname_t bdname;
        memcpy(bdname.name, p_eir_remote_name, remote_name_len);
        if (remote_name_len < BD_NAME_LEN + 1)
          bdname.name[remote_name_len] = '\0';

        LOG_VERBOSE(LOG_TAG, "%s BLE device name=%s len=%d dev_type=%d",
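Review bot: The new length check returns from the callback only after `btif_gattc_add_remote_bdaddr(bd_addr.address, addr_type)` has already run, so an advertisement that is dropped for an overlong name still has its address recorded; consider moving the check ahead of that call, or skipping only the name handling instead of returning. The accepted case `remote_name_len == BD_NAME_LEN + 1` then copies `BD_NAME_LEN + 1` bytes in `memcpy(bdname.name, p_eir_remote_name, remote_name_len)`, which is safe only if `bdname.name` holds at least that many bytes; a `static_assert` on `sizeof(bdname.name)` next to the check would document that dependency. Since the rejected length comes from a remote device, the `LOG_INFO` line can be triggered repeatedly by anyone in radio range, so a lower log level or rate limiting is worth considering.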