dali/bacnet_stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Corrected buffer overflow problem with the npdu decoder found by stress testing the stack. Thank you Cameron!

Browse Source
This commit is contained in:
skarg
2008-12-08 20:17:53 +00:00
parent bb39b745f3
commit e75e88c507
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bacnet-stack/src/npdu.c
+10
View File
@@ -297,6 +297,11 @@ int npdu_decode(
dest->len = address_len; dest->len = address_len;
} }
if (address_len) { if (address_len) {
if ( address_len > MAX_MAC_LEN ) {
/* address is too large could be a malformed message */
return -1;
}
for (i = 0; i < address_len; i++) { for (i = 0; i < address_len; i++) {
mac_octet = npdu[len++]; mac_octet = npdu[len++];
if (dest) if (dest)
@@ -327,6 +332,11 @@ int npdu_decode(
src->len = address_len; src->len = address_len;
} }
if (address_len) { if (address_len) {
if ( address_len > MAX_MAC_LEN ) {
/* address is too large could be a malformed message */
return -1;
}
for (i = 0; i < address_len; i++) { for (i = 0; i < address_len; i++) {
mac_octet = npdu[len++]; mac_octet = npdu[len++];
if (src) if (src)