otrx: check TRX length read from header to avoid Segmentation fault

Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 45433
author: Rafał Miłecki <zajec5@gmail.com> 2015-04-14 12:18:57 +0000
committer: Rafał Miłecki <zajec5@gmail.com> 2015-04-14 12:18:57 +0000
commit: 834e60c4f16b3131c9dd51a0bc00bd47222f57a6 (patch)
tree: 2219917cde9d14d1de16fe0bf7a8abec1f5b1f5e /package/utils/otrx/src/otrx.c
parent: b5073ca2c859fe8763a0717abcfb5f5646d5a543 (diff)
download: upstream-834e60c4f16b3131c9dd51a0bc00bd47222f57a6.tar.gz
upstream-834e60c4f16b3131c9dd51a0bc00bd47222f57a6.tar.bz2
upstream-834e60c4f16b3131c9dd51a0bc00bd47222f57a6.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/package/utils/otrx/src/otrx.c b/package/utils/otrx/src/otrx.c
index a2bc29f59a..7fe4ba6f69 100644
--- a/package/utils/otrx/src/otrx.c
+++ b/package/utils/otrx/src/otrx.c
@@ -167,6 +167,12 @@ static int otrx_check() {
 	}
 
 	length = le32_to_cpu(hdr.length);
+	if (length < sizeof(hdr)) {
+		fprintf(stderr, "Length read from TRX too low (%zu B)\n", length);
+		err = -EINVAL;
+		goto err_close;
+	}
+
 	buf = malloc(length);
 	if (!buf) {
 		fprintf(stderr, "Couldn't alloc %d B buffer\n", length);
author	Rafał Miłecki <zajec5@gmail.com>	2015-04-14 12:18:57 +0000
committer	Rafał Miłecki <zajec5@gmail.com>	2015-04-14 12:18:57 +0000
commit	834e60c4f16b3131c9dd51a0bc00bd47222f57a6 (patch)
tree	2219917cde9d14d1de16fe0bf7a8abec1f5b1f5e /package/utils/otrx/src/otrx.c
parent	b5073ca2c859fe8763a0717abcfb5f5646d5a543 (diff)
download	upstream-834e60c4f16b3131c9dd51a0bc00bd47222f57a6.tar.gz upstream-834e60c4f16b3131c9dd51a0bc00bd47222f57a6.tar.bz2 upstream-834e60c4f16b3131c9dd51a0bc00bd47222f57a6.zip