From 834e60c4f16b3131c9dd51a0bc00bd47222f57a6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Tue, 14 Apr 2015 12:18:57 +0000 Subject: [PATCH] otrx: check TRX length read from header to avoid Segmentation fault MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Rafał Miłecki SVN-Revision: 45433 --- package/utils/otrx/src/otrx.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/package/utils/otrx/src/otrx.c b/package/utils/otrx/src/otrx.c index a2bc29f59ad..7fe4ba6f692 100644 --- a/package/utils/otrx/src/otrx.c +++ b/package/utils/otrx/src/otrx.c @@ -167,6 +167,12 @@ static int otrx_check() { } length = le32_to_cpu(hdr.length); + if (length < sizeof(hdr)) { + fprintf(stderr, "Length read from TRX too low (%zu B)\n", length); + err = -EINVAL; + goto err_close; + } + buf = malloc(length); if (!buf) { fprintf(stderr, "Couldn't alloc %d B buffer\n", length); -- 2.30.2