aboutsummaryrefslogtreecommitdiffstats
path: root/package
diff options
context:
space:
mode:
authorRafał Miłecki <zajec5@gmail.com>2015-04-14 12:18:57 +0000
committerRafał Miłecki <zajec5@gmail.com>2015-04-14 12:18:57 +0000
commite87605ee996b37931a96a790bcd07d2b8f20401f (patch)
tree673cb03525acf7f676c4205ca68be726ffa8c4c7 /package
parentcd59cb2a4004c0a4bd13ded3c0ee7abf850fda7d (diff)
downloadupstream-e87605ee996b37931a96a790bcd07d2b8f20401f.tar.gz
upstream-e87605ee996b37931a96a790bcd07d2b8f20401f.tar.bz2
upstream-e87605ee996b37931a96a790bcd07d2b8f20401f.zip
otrx: check TRX length read from header to avoid Segmentation fault
Signed-off-by: Rafał Miłecki <zajec5@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45433 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package')
-rw-r--r--package/utils/otrx/src/otrx.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/package/utils/otrx/src/otrx.c b/package/utils/otrx/src/otrx.c
index a2bc29f59a..7fe4ba6f69 100644
--- a/package/utils/otrx/src/otrx.c
+++ b/package/utils/otrx/src/otrx.c
@@ -167,6 +167,12 @@ static int otrx_check() {
}
length = le32_to_cpu(hdr.length);
+ if (length < sizeof(hdr)) {
+ fprintf(stderr, "Length read from TRX too low (%zu B)\n", length);
+ err = -EINVAL;
+ goto err_close;
+ }
+
buf = malloc(length);
if (!buf) {
fprintf(stderr, "Couldn't alloc %d B buffer\n", length);