projects
/
openwrt
/
staging
/
florian.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
b5073ca
)
otrx: check TRX length read from header to avoid Segmentation fault
author
Rafał Miłecki
<zajec5@gmail.com>
Tue, 14 Apr 2015 12:18:57 +0000
(12:18 +0000)
committer
Rafał Miłecki
<zajec5@gmail.com>
Tue, 14 Apr 2015 12:18:57 +0000
(12:18 +0000)
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45433
package/utils/otrx/src/otrx.c
patch
|
blob
|
history
diff --git
a/package/utils/otrx/src/otrx.c
b/package/utils/otrx/src/otrx.c
index a2bc29f59ad9aa4b0d869c24e7785a1224bca087..7fe4ba6f692f86811b63327dd3bd1d39a5d0b300 100644
(file)
--- a/
package/utils/otrx/src/otrx.c
+++ b/
package/utils/otrx/src/otrx.c
@@
-167,6
+167,12
@@
static int otrx_check() {
}
length = le32_to_cpu(hdr.length);
+ if (length < sizeof(hdr)) {
+ fprintf(stderr, "Length read from TRX too low (%zu B)\n", length);
+ err = -EINVAL;
+ goto err_close;
+ }
+
buf = malloc(length);
if (!buf) {
fprintf(stderr, "Couldn't alloc %d B buffer\n", length);