index
:
openwrt.git
OpenWrt Source Repository
log msg
author
committer
range
feature/odhcpd_odhcp6c_udhcpc-capsdrop
linksys3200ac-master
master
summary
refs
log
tree
commit
diff
diff options
context:
1
2
3
4
5
6
7
8
9
10
15
20
25
30
35
40
space:
include
ignore
mode:
unified
ssdiff
stat only
author
Rafał Miłecki <zajec5@gmail.com>
2015-04-14 12:18:57 +0000
committer
Rafał Miłecki <zajec5@gmail.com>
2015-04-14 12:18:57 +0000
commit
834e60c4f16b3131c9dd51a0bc00bd47222f57a6
(
patch
)
tree
2219917cde9d14d1de16fe0bf7a8abec1f5b1f5e
parent
b5073ca2c859fe8763a0717abcfb5f5646d5a543
(
diff
)
otrx: check TRX length read from header to avoid Segmentation fault
Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 45433
Diffstat
-rw-r--r--
package/utils/otrx/src/otrx.c
6
1 files changed, 6 insertions, 0 deletions
diff --git a/package/utils/otrx/src/otrx.c b/package/utils/otrx/src/otrx.c
index a2bc29f59a..7fe4ba6f69 100644
--- a/
package/utils/otrx/src/otrx.c
+++ b/
package/utils/otrx/src/otrx.c
@@ -167,6 +167,12 @@ static int otrx_check() {
}
length = le32_to_cpu(hdr.length);
+ if (length < sizeof(hdr)) {
+ fprintf(stderr, "Length read from TRX too low (%zu B)\n", length);
+ err = -EINVAL;
+ goto err_close;
+ }
+
buf = malloc(length);
if (!buf) {
fprintf(stderr, "Couldn't alloc %d B buffer\n", length);