adv.(Packet).Field method stuck in an endless loop, if a specific bytes sequence is passed

[MetalRex101]

If I execute the code, it stuck in an endless loop.

func TestNewPacket(t *testing.T) {
	p := adv.NewRawPacket([]byte{0xff, 0x7f, 0xff, 0xff})
	p.ManufacturerData() // <- stuck here
}

Right now this happens, because

func (p *Packet) Field(typ byte) []byte {
	b := p.b
	for len(b) > 0 {
		if len(b) < 2 {
			return nil
		}
		l, t := b[0], b[1]
		if int(l) < 1 || len(b) < int(1+l) { // if l is 255, then uint8 255 + 1 will result in 0
			return nil
		}
		if t == typ {
			return b[2 : 2+l-1]
		}
		b = b[1+l:] // the same goes here. Since the sum is 0, it will take the whole package again
	}
	return nil
}

[rtoma]

Observing the same while parsing ble advertisements out in the wild.

The Field function is clearly missing an input sanity check, considering max length of p.b is 31 bytes, see

ble/linux/adv/const.go

Line 7 in 8c5522f

const MaxEIRPacketLength = 31

which is used in:

ble/linux/adv/packet.go

Lines 37 to 43 in 8c5522f

	func NewRawPacket(bytes ...[]byte) *Packet {
	p := &Packet{b: make([]byte, 0, MaxEIRPacketLength)}
	for _, b := range bytes {
	p.b = append(p.b, b...)
	}
	return p
	}