diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c index c903747952..b9bcdcc78d 100644 --- a/hw/bt/sdp.c +++ b/hw/bt/sdp.c @@ -150,12 +150,14 @@ static ssize_t sdp_svc_search(struct bt_l2cap_sdp_state_s *sdp, if (seqlen < 3 || len < seqlen) return -SDP_INVALID_SYNTAX; len -= seqlen; - while (seqlen) if (sdp_svc_match(sdp, &req, &seqlen)) return -SDP_INVALID_SYNTAX; - } else if (sdp_svc_match(sdp, &req, &seqlen)) - return -SDP_INVALID_SYNTAX; + } else { + if (sdp_svc_match(sdp, &req, &len)) { + return -SDP_INVALID_SYNTAX; + } + } if (len < 3) return -SDP_INVALID_SYNTAX; @@ -278,8 +280,11 @@ static ssize_t sdp_attr_get(struct bt_l2cap_sdp_state_s *sdp, while (seqlen) if (sdp_attr_match(record, &req, &seqlen)) return -SDP_INVALID_SYNTAX; - } else if (sdp_attr_match(record, &req, &seqlen)) - return -SDP_INVALID_SYNTAX; + } else { + if (sdp_attr_match(record, &req, &len)) { + return -SDP_INVALID_SYNTAX; + } + } if (len < 1) return -SDP_INVALID_SYNTAX; @@ -393,8 +398,11 @@ static ssize_t sdp_svc_search_attr_get(struct bt_l2cap_sdp_state_s *sdp, while (seqlen) if (sdp_svc_match(sdp, &req, &seqlen)) return -SDP_INVALID_SYNTAX; - } else if (sdp_svc_match(sdp, &req, &seqlen)) - return -SDP_INVALID_SYNTAX; + } else { + if (sdp_svc_match(sdp, &req, &len)) { + return -SDP_INVALID_SYNTAX; + } + } if (len < 3) return -SDP_INVALID_SYNTAX; @@ -413,8 +421,11 @@ static ssize_t sdp_svc_search_attr_get(struct bt_l2cap_sdp_state_s *sdp, while (seqlen) if (sdp_svc_attr_match(sdp, &req, &seqlen)) return -SDP_INVALID_SYNTAX; - } else if (sdp_svc_attr_match(sdp, &req, &seqlen)) - return -SDP_INVALID_SYNTAX; + } else { + if (sdp_svc_attr_match(sdp, &req, &len)) { + return -SDP_INVALID_SYNTAX; + } + } if (len < 1) return -SDP_INVALID_SYNTAX;