projects / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5c9a543)
otrx: check TRX length read from header to avoid Segmentation fault
authorrmilecki <rmilecki@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Tue, 14 Apr 2015 12:18:57 +0000 (12:18 +0000)
committerrmilecki <rmilecki@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Tue, 14 Apr 2015 12:18:57 +0000 (12:18 +0000)
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45433 3c298f89-4303-0410-b956-a3cf2f4a3e73

package/utils/otrx/src/otrx.c patch | blob | history

diff --git a/package/utils/otrx/src/otrx.c b/package/utils/otrx/src/otrx.c
index a2bc29f..7fe4ba6 100644 (file)
--- a/package/utils/otrx/src/otrx.c
+++ b/package/utils/otrx/src/otrx.c
@@ -167,6 +167,12 @@ static int otrx_check() {
        }
 
        length = le32_to_cpu(hdr.length);
+       if (length < sizeof(hdr)) {
+               fprintf(stderr, "Length read from TRX too low (%zu B)\n", length);
+               err = -EINVAL;
+               goto err_close;
+       }
+
        buf = malloc(length);
        if (!buf) {
                fprintf(stderr, "Couldn't alloc %d B buffer\n", length);
OpenWrt main development branch