From 834e60c4f16b3131c9dd51a0bc00bd47222f57a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
Date: Tue, 14 Apr 2015 12:18:57 +0000
Subject: otrx: check TRX length read from header to avoid Segmentation fault
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45433
---
 package/utils/otrx/src/otrx.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/package/utils/otrx/src/otrx.c b/package/utils/otrx/src/otrx.c
index a2bc29f59a..7fe4ba6f69 100644
--- a/package/utils/otrx/src/otrx.c
+++ b/package/utils/otrx/src/otrx.c
@@ -167,6 +167,12 @@ static int otrx_check() {
 	}
 
 	length = le32_to_cpu(hdr.length);
+	if (length < sizeof(hdr)) {
+		fprintf(stderr, "Length read from TRX too low (%zu B)\n", length);
+		err = -EINVAL;
+		goto err_close;
+	}
+
 	buf = malloc(length);
 	if (!buf) {
 		fprintf(stderr, "Couldn't alloc %d B buffer\n", length);
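Review bot: The two messages print the same `length` with different conversions: the added line uses `%zu`, while the existing `Couldn't alloc %d B buffer` line just below uses `%d`, so at most one of them matches the variable's type (a mismatch is undefined behaviour in `fprintf`). The declaration of `length` is outside the hunk; if it is `size_t`, the existing line should become `fprintf(stderr, "Couldn't alloc %zu B buffer\n", length);`, otherwise the new message needs the matching conversion instead. The new check also bounds the header value only from below, so a file that claims a very large length still reaches `malloc(length)`. Comparing the value with the real size of the opened file before allocating would reject such headers early, unless code outside the hunk already does that. `otrx_check()` starts and ends outside this hunk.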
-- 
cgit v1.2.3