Hi, I've been looking through the code for ble_ll_rx_pkt_in(), and I can't see anywhere where the length of `rxbuf` (`m->om_data`) is checked. The value seems to be available in `m->om_len` but isn't read anywhere. Subsequent functions just seem to assume that a packet is as large as it should be.
Assuming I haven't misread the code, isn't that a huge security issue? Cheers, Tim
