handleL2CAP() will cause a runtime error/indexing panic if packet is runt/corrupted

paypal / gatt

Gatt is a Go package for building Bluetooth Low Energy peripherals

BSD 3-Clause "New" or "Revised" License

1.13k stars 284 forks source link

handleL2CAP() will cause a runtime error/indexing panic if packet is runt/corrupted #37

Closed tylerarnold closed 9 years ago

tylerarnold commented 9 years ago

I am dealing with a hardware/RF bug that is probably exposing this, but I found a weakness in the handleL2CAP() function that will cause a runtime error. If the byte slice packet is less than 4 bytes, the cid synthesis will have a slice indexing error that will cause the entire program to crash. this line cid := uint16(a.b[2]) | (uint16(a.b[3]) << 8)

will blow up if size(a.b) < 4

I have a fix that I can do a pull request with.

josharian commented 9 years ago

Yes, please send a pull request. Thanks!

tylerarnold commented 9 years ago

sent!