d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix mbuf handling in le advertize packet processing.

Browse Source 
Submitted by: Marc Veldman <marc at bumblingdork.com>
This commit is contained in:
Takanori Watanabe 2020-04-02 09:15:31 +00:00
parent 2338bd4714
commit 3cba89e6f8
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/netgraph/bluetooth/hci/ng_hci_evnt.c
View File

@ -381,6 +381,7 @@ le_advertizing_report(ng_hci_unit_p unit, struct mbuf *event)
ng_hci_neighbor_p n = NULL; ng_hci_neighbor_p n = NULL;
bdaddr_t bdaddr; bdaddr_t bdaddr;
int error = 0; int error = 0;
int num_reports = 0;
u_int8_t event_type; u_int8_t event_type;
u_int8_t addr_type; u_int8_t addr_type;
@ -389,9 +390,11 @@ le_advertizing_report(ng_hci_unit_p unit, struct mbuf *event)
return (ENOBUFS); return (ENOBUFS);
ep = mtod(event, ng_hci_le_advertising_report_ep *); ep = mtod(event, ng_hci_le_advertising_report_ep *);
num_reports = ep->num_reports;
m_adj(event, sizeof(*ep)); m_adj(event, sizeof(*ep));
ep = NULL;
for (; ep->num_reports > 0; ep->num_reports --) { for (; num_reports > 0; num_reports --) {
/* Get remote unit address */ /* Get remote unit address */
NG_HCI_M_PULLUP(event, sizeof(u_int8_t)); NG_HCI_M_PULLUP(event, sizeof(u_int8_t));
event_type = *mtod(event, u_int8_t *); event_type = *mtod(event, u_int8_t *);