Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
PUBLIC_REPOS
/
buildroot
-ын хуулбар git://git.buildroot.net/buildroot
2
1
Салаа 0
Файлууд
Мод: 3663d810ca
Салаанууд Тагууд
buildroot
/
package
/
libiec61850
/
0003-COTP-fixed-possible-heap-buffer-overflow-when-handling-message.patch

0003-COTP-fixed-possible-heap-buffer-overflow-when-handling-message.patch 989 B
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627 
  1. From 033ab5b6488250c8c3b838f25a7cbc3e099230bb Mon Sep 17 00:00:00 2001
    2. 

  2. From: Michael Zillgith <michael.zillgith@mz-automation.de>
    3. 

  3. Date: Wed, 12 Aug 2020 07:25:37 +0200
    4. 

  4. Subject: [PATCH] - COTP: fixed possible heap buffer overflow when handling
    5. 

  5.  message with invalid (zero) value in length field (#250)
    6. 

  6. 

  7. [Retrieved from:
    8. 

  8. https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb]
    9. 

  9. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
    10. 

  10. ---
    11. 

  11.  src/mms/iso_cotp/cotp.c | 3 +++
    12. 

  12.  1 file changed, 3 insertions(+)
    13. 

  13. 

  14. diff --git a/src/mms/iso_cotp/cotp.c b/src/mms/iso_cotp/cotp.c
    15. 

  15. index cbb34b36..8c37d262 100644
    16. 

  16. --- a/src/mms/iso_cotp/cotp.c
    17. 

  17. +++ b/src/mms/iso_cotp/cotp.c
    18. 

  18. @@ -720,6 +720,9 @@ CotpConnection_readToTpktBuffer(CotpConnection* self)
    19. 

  19.              goto exit_waiting;
    20. 

  20.      }
    21. 

  21.  
    22. 

  22. +    if (self->packetSize <= bufPos)
    23. 

  23. +        goto exit_error;
    24. 

  24. +
    25. 

  25.      readBytes = readFromSocket(self, buffer + bufPos, self->packetSize - bufPos);
    26. 

  26.  
    27. 

  27.      if (readBytes < 0)
    28.