From a619fdb168185236c0e16a73ea4df311f6bc3a81 Mon Sep 17 00:00:00 2001
From: Andreas Shimokawa
Date: Sun, 2 Aug 2020 13:11:41 +0200
Subject: [PATCH] Huami: Prevent setting an MTU of < 23, which is either a special value or a parsing error of Gadgetbridge

This fixes a problem where writeToChunked algorithm results in out of bounds writes or an endless loop.
Closes #1936
---
 .../gadgetbridge/service/devices/huami/HuamiSupport.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huami/HuamiSupport.java b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huami/HuamiSupport.java
index f26cd282d..4268a0611 100644
--- a/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huami/HuamiSupport.java
+++ b/app/src/main/java/nodomain/freeyourgadget/gadgetbridge/service/devices/huami/HuamiSupport.java
@@ -1279,6 +1279,10 @@ public class HuamiSupport extends AbstractBTLEDeviceSupport {
 if (!prefs.getBoolean(PREF_ALLOW_HIGH_MTU, false)) {
 break;
 }
+ if (mtu < 23) {
+ LOG.error("Device announced unreasonable low MTU of " + mtu + ", ignoring");
+ break;
+ }
 mMTU = mtu;
 /*
 * not really sure if this would make sense, is this event already a proof of a successful MTU
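Review bot: The bound in the added `if (mtu < 23)` is an unexplained literal, although it is the BLE default and minimum ATT_MTU and the value is announced by the peer device, so this check is validation of untrusted input. It deserves a name and a comment, for example `private static final int MIN_ATT_MTU = 23; // BLE default/minimum ATT_MTU; lower values are a misparse or a misbehaving device`. The guard also protects only this one assignment to `mMTU`. writeToChunked is not visible in this hunk, but if it derives its chunk length from `mMTU` minus a header size, a check there that the result is positive would stop the out-of-bounds write and endless loop from returning through another path. The enclosing case block starts and ends outside the hunk.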