otrx: check TRX length read from header to avoid Segmentation fault
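--- a/package/utils/otrx/src/otrx.c
+++ b/package/utils/otrx/src/otrx.c
@@ -167,6 +167,12 @@ static int otrx_check() {
 }
 length = le32_to_cpu(hdr.length);
+ if (length < sizeof(hdr)) {
+ fprintf(stderr, "Length read from TRX too low (%zu B)\n", length);
+ err = -EINVAL;
+ goto err_close;
+ }
+
 buf = malloc(length);
 if (!buf) {
 fprintf(stderr, "Couldn't alloc %d B buffer\n", length);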
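Review bot: The new guard in front of `malloc(length)` bounds the header-supplied length only from below, so a crafted TRX header can still request an allocation of any size a 32-bit field can express. The hunk does not show whether a later short-read check catches that case, but comparing `length` with the actual size of the opened file at this point would reject such images before anything is allocated. Separately, the added message prints `length` with `%zu` while the existing "Couldn't alloc" message just below prints the same variable with `%d`; the declaration is outside the hunk, so one of the two specifiers mismatches the type, and if `length` is a `size_t` the older one should become `%zu`. A comment above the check such as `/* length comes from the untrusted image header; it must at least cover the header itself */` would record why the guard exists. The body of otrx_check starts and ends outside the hunk.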