Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Panic on linux when advertisementData has a length of 255 #26

Closed
EthanYidong opened this issue Nov 4, 2021 · 0 comments
Closed

Panic on linux when advertisementData has a length of 255 #26

EthanYidong opened this issue Nov 4, 2021 · 0 comments

Comments

@EthanYidong
Copy link 

panic: runtime error: slice bounds out of range [2:0]

How to reproduce: Run the discoverer.go example, and have some BLE device nearby that has a 255 byte-long advertisement data, so that

gatt/adv.go

Lines 2008 to 2013 in df6e615

l, t := b[0], b[1]
if int(l) < 1 || len(b) < int(1+l) {
return errors.New("invalid advertise data")
}
d := b[2 : 1+l]

causes 1 + l to overflow to 0.

I also received this error from the ble.recon bettercap module.

Fixes: I am not familiar with the bluetooth spec, so I am not sure if such a length is valid. Nor am I sure what device was causing the error.
If this is not standard and should not be allowed, then adding a check and returning an error would solve the problem. Otherwise, l, t := uint(b[0]), b[1] prevents the overflow.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@EthanYidong