From 13c28077c3227f95ee7f1c477e520cdb388d53f0 Mon Sep 17 00:00:00 2001
From: Sandeep Mistry <sandeep.mistry@gmail.com>
Date: Mon, 1 Sep 2014 20:10:31 -0400
Subject: [PATCH] - bounds check MTU request between 23 - 256 bytes

---
 lib/linux/l2cap-ble.js | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/lib/linux/l2cap-ble.js b/lib/linux/l2cap-ble.js
index 9b2d1085..8fb41383 100644
--- a/lib/linux/l2cap-ble.js
+++ b/lib/linux/l2cap-ble.js
@@ -64,7 +64,7 @@ var ATT_ECODE_INSUFF_RESOURCES      = 0x11;
 
 var L2capBle = function(address, addressType) {
   var l2capBle = __dirname + '/../../build/Release/l2cap-ble';
-  
+
   debug('l2capBle = ' + l2capBle);
 
   this._l2capBle = spawn(l2capBle);
@@ -100,7 +100,7 @@ L2capBle.prototype.onStdoutData = function(data) {
     var line = this._buffer.substring(0, newLineIndex);
     var found;
     var clientAddress;
-    
+
     this._buffer = this._buffer.substring(newLineIndex + 1);
 
     debug('line = ' + line);
@@ -118,7 +118,7 @@ L2capBle.prototype.onStdoutData = function(data) {
     } else if ((found = line.match(/^rssi = (.*)$/))) {
       var rssi = parseInt(found[1], 10);
 
-      this.emit('rssiUpdate', rssi);  
+      this.emit('rssiUpdate', rssi);
     } else if ((found = line.match(/^security (.*)$/))) {
       this._security = found[1];
     } else if ((found = line.match(/^data (.*)$/))) {
@@ -226,7 +226,7 @@ L2capBle.prototype.setServices = function(services) {
         uuid: characteristic.uuid,
         properties: properties,
         secure: secure,
-        attribute: characteristic,  
+        attribute: characteristic,
         startHandle: characteristicHandle,
         valueHandle: characteristicValueHandle
       };
@@ -372,6 +372,12 @@ L2capBle.prototype.handleRequest = function(request) {
 L2capBle.prototype.handleMtuRequest = function(request) {
   var mtu = request.readUInt16LE(1);
 
+  if (mtu < 23) {
+    mtu = 23;
+  } else if (mtu > 256) {
+    mtu = 256;
+  }
+
   this._mtu = mtu;
 
   var response = new Buffer(3);
@@ -423,7 +429,7 @@ L2capBle.prototype.handleFindInfoRequest = function(request) {
   if (infos.length) {
     var uuidSize = infos[0].uuid.length / 2;
     var numInfo = 1;
-    
+
     for (i = 1; i < infos.length; i++) {
       if (infos[0].uuid.length !== infos[i].uuid.length) {
         break;
@@ -536,7 +542,7 @@ L2capBle.prototype.handleReadByGroupRequest = function(request) {
     if (services.length) {
       var uuidSize = services[0].uuid.length / 2;
       var numServices = 1;
-      
+
       for (i = 1; i < services.length; i++) {
         if (services[0].uuid.length !== services[i].uuid.length) {
           break;
@@ -603,7 +609,7 @@ L2capBle.prototype.handleReadByTypeRequest = function(request) {
     if (characteristics.length) {
       var uuidSize = characteristics[0].uuid.length / 2;
       var numCharacteristics = 1;
-      
+
       for (i = 1; i < characteristics.length; i++) {
         if (characteristics[0].uuid.length !== characteristics[i].uuid.length) {
           break;
@@ -807,7 +813,7 @@ L2capBle.prototype.handleWriteRequestOrCommand = function(request) {
             var callbackResponse = null;
 
             if (ATT_ECODE_SUCCESS === result) {
-              callbackResponse = new Buffer([ATT_OP_WRITE_RESP]); 
+              callbackResponse = new Buffer([ATT_OP_WRITE_RESP]);
             } else {
               callbackResponse = this.errorResponse(requestType, valueHandle, result);
             }