CVS commit: src/usr.sbin/btpand

Tue, 08 Feb 2011 13:43:58 -0800 

Module Name:    src
Committed By:   plunky
Date:           Tue Feb  8 21:43:45 UTC 2011

Modified Files:
        src/usr.sbin/btpand: bnep.c bnep.h

Log Message:
check number of filters received against max possible


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/usr.sbin/btpand/bnep.c
cvs rdiff -u -r1.1 -r1.2 src/usr.sbin/btpand/bnep.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.sbin/btpand/bnep.c
diff -u src/usr.sbin/btpand/bnep.c:1.9 src/usr.sbin/btpand/bnep.c:1.10
--- src/usr.sbin/btpand/bnep.c:1.9	Thu Jan 27 12:19:48 2011
+++ src/usr.sbin/btpand/bnep.c	Tue Feb  8 21:43:45 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: bnep.c,v 1.9 2011/01/27 12:19:48 plunky Exp $	*/
+/*	$NetBSD: bnep.c,v 1.10 2011/02/08 21:43:45 plunky Exp $	*/
 
 /*-
  * Copyright (c) 2008 Iain Hibbert
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: bnep.c,v 1.9 2011/01/27 12:19:48 plunky Exp $");
+__RCSID("$NetBSD: bnep.c,v 1.10 2011/02/08 21:43:45 plunky Exp $");
 
 #include <bluetooth.h>
 #include <sdp.h>
@@ -429,6 +429,10 @@
 	}
 
 	nf = len / 4;
+	if (nf > BNEP_MAX_NET_TYPE_FILTERS) {
+		rsp = BNEP_FILTER_TOO_MANY_FILTERS;
+		goto done;
+	}
 	pf = malloc(nf * sizeof(pfilter_t));
 	if (pf == NULL) {
 		rsp = BNEP_FILTER_TOO_MANY_FILTERS;
@@ -511,6 +515,10 @@
 	}
 
 	nf = len / (ETHER_ADDR_LEN * 2);
+	if (nf > BNEP_MAX_MULTI_ADDR_FILTERS) {
+		rsp = BNEP_FILTER_TOO_MANY_FILTERS;
+		goto done;
+	}
 	mf = malloc(nf * sizeof(mfilter_t));
 	if (mf == NULL) {
 		rsp = BNEP_FILTER_TOO_MANY_FILTERS;

Index: src/usr.sbin/btpand/bnep.h
diff -u src/usr.sbin/btpand/bnep.h:1.1 src/usr.sbin/btpand/bnep.h:1.2
--- src/usr.sbin/btpand/bnep.h:1.1	Sun Aug 17 13:20:57 2008
+++ src/usr.sbin/btpand/bnep.h	Tue Feb  8 21:43:45 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: bnep.h,v 1.1 2008/08/17 13:20:57 plunky Exp $	*/
+/*	$NetBSD: bnep.h,v 1.2 2011/02/08 21:43:45 plunky Exp $	*/
 
 /*-
  * Copyright (c) 2008 Iain Hibbert
@@ -36,6 +36,9 @@
 #define	BNEP_TYPE(x)		((x) & 0x7f)
 #define BNEP_TYPE_EXT(x)	(((x) & BNEP_EXT) == BNEP_EXT)
 
+#define BNEP_MAX_NET_TYPE_FILTERS	421
+#define BNEP_MAX_MULTI_ADDR_FILTERS	120
+
 /* BNEP packet types */
 #define	BNEP_GENERAL_ETHERNET			0x00
 #define	BNEP_CONTROL				0x01

Reply via email to