From 91e141004d35400e705e9dcfac85fc7f10d5340e Mon Sep 17 00:00:00 2001
From: Szymon Janc <szymon.janc@codecoup.pl>
Date: Thu, 7 Nov 2024 09:44:30 +0100
Subject: [PATCH] nimble/host: Add Number Complete Packets event validation

Validate if HCI event received from controller has proper sizes before
passing it to GAP event
---
 nimble/host/src/ble_hs_hci_evt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nimble/host/src/ble_hs_hci_evt.c b/nimble/host/src/ble_hs_hci_evt.c
index b159383c1..6e5eed06b 100644
--- a/nimble/host/src/ble_hs_hci_evt.c
+++ b/nimble/host/src/ble_hs_hci_evt.c
@@ -372,6 +372,10 @@ ble_hs_hci_evt_num_completed_pkts(uint8_t event_code, const void *data,
     uint16_t num_pkts;
     int i;
 
+    if (len < sizeof(*ev)) {
+        return BLE_HS_ECONTROLLER;
+    }
+
     if (len != sizeof(*ev) + (ev->count * sizeof(ev->completed[0]))) {
         return BLE_HS_ECONTROLLER;
     }