e38fbf739c
repo: https://github.com/buildroot/buildroot/tree/2021.05 commit: 69f79f2a2ee1417e19c1ead2c9226e11753c06cb Update for 2021.05 Change-Id: I77d6d14da04483c97cb172bf6732732012e538d9
28 lines
989 B
Diff
28 lines
989 B
Diff
From 033ab5b6488250c8c3b838f25a7cbc3e099230bb Mon Sep 17 00:00:00 2001
|
|
From: Michael Zillgith <michael.zillgith@mz-automation.de>
|
|
Date: Wed, 12 Aug 2020 07:25:37 +0200
|
|
Subject: [PATCH] - COTP: fixed possible heap buffer overflow when handling
|
|
message with invalid (zero) value in length field (#250)
|
|
|
|
[Retrieved from:
|
|
https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb]
|
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
---
|
|
src/mms/iso_cotp/cotp.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/src/mms/iso_cotp/cotp.c b/src/mms/iso_cotp/cotp.c
|
|
index cbb34b36..8c37d262 100644
|
|
--- a/src/mms/iso_cotp/cotp.c
|
|
+++ b/src/mms/iso_cotp/cotp.c
|
|
@@ -720,6 +720,9 @@ CotpConnection_readToTpktBuffer(CotpConnection* self)
|
|
goto exit_waiting;
|
|
}
|
|
|
|
+ if (self->packetSize <= bufPos)
|
|
+ goto exit_error;
|
|
+
|
|
readBytes = readFromSocket(self, buffer + bufPos, self->packetSize - bufPos);
|
|
|
|
if (readBytes < 0)
|