From: rmilecki <rmilecki@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Tue, 14 Apr 2015 12:18:57 +0000 (+0000)
Subject: otrx: check TRX length read from header to avoid Segmentation fault
X-Git-Url: https://git.archive.openwrt.org/?a=commitdiff_plain;h=f0a14ef3dfd6a391ee31c09a7cb0ecd91061724e;p=openwrt.git

otrx: check TRX length read from header to avoid Segmentation fault

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45433 3c298f89-4303-0410-b956-a3cf2f4a3e73
---

diff --git a/package/utils/otrx/src/otrx.c b/package/utils/otrx/src/otrx.c
index a2bc29f59a..7fe4ba6f69 100644
--- a/package/utils/otrx/src/otrx.c
+++ b/package/utils/otrx/src/otrx.c
@@ -167,6 +167,12 @@ static int otrx_check() {
 	}
 
 	length = le32_to_cpu(hdr.length);
+	if (length < sizeof(hdr)) {
+		fprintf(stderr, "Length read from TRX too low (%zu B)\n", length);
+		err = -EINVAL;
+		goto err_close;
+	}
+
 	buf = malloc(length);
 	if (!buf) {
 		fprintf(stderr, "Couldn't alloc %d B buffer\n", length);