diff options
author | Rafał Miłecki <zajec5@gmail.com> | 2015-04-14 12:18:57 +0000 |
---|---|---|
committer | Rafał Miłecki <zajec5@gmail.com> | 2015-04-14 12:18:57 +0000 |
commit | e87605ee996b37931a96a790bcd07d2b8f20401f (patch) | |
tree | 673cb03525acf7f676c4205ca68be726ffa8c4c7 /package | |
parent | cd59cb2a4004c0a4bd13ded3c0ee7abf850fda7d (diff) | |
download | upstream-e87605ee996b37931a96a790bcd07d2b8f20401f.tar.gz upstream-e87605ee996b37931a96a790bcd07d2b8f20401f.tar.bz2 upstream-e87605ee996b37931a96a790bcd07d2b8f20401f.zip |
otrx: check TRX length read from header to avoid Segmentation fault
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45433 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package')
-rw-r--r-- | package/utils/otrx/src/otrx.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/package/utils/otrx/src/otrx.c b/package/utils/otrx/src/otrx.c index a2bc29f59a..7fe4ba6f69 100644 --- a/package/utils/otrx/src/otrx.c +++ b/package/utils/otrx/src/otrx.c @@ -167,6 +167,12 @@ static int otrx_check() { } length = le32_to_cpu(hdr.length); + if (length < sizeof(hdr)) { + fprintf(stderr, "Length read from TRX too low (%zu B)\n", length); + err = -EINVAL; + goto err_close; + } + buf = malloc(length); if (!buf) { fprintf(stderr, "Couldn't alloc %d B buffer\n", length); |