diff options
| author | Harald Welte <laforge@gnumonks.org> | 2017-01-07 16:27:50 +0100 |
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2017-01-08 16:04:01 +0100 |
| commit | a115fbb1bbfeec9c6a10ac2ea2999e23be77336a (patch) | |
| tree | eb1dd6b310e4c3f1144e729d237e1016c290e925 | |
| parent | 4ae09361234ef6dff29548a528b9dfeba0329da6 (diff) | |
diag_read_msg(): Discard any messages shorter than 3 bytes
The 16bit CRC and the FLAG octet together are 3 bytes. If a message is
shorter than that, something is going wrong, for sure.
| -rw-r--r-- | src/diag_io.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/diag_io.c b/src/diag_io.c index f5b1d52..9309774 100644 --- a/src/diag_io.c +++ b/src/diag_io.c @@ -123,6 +123,12 @@ struct msgb *diag_read_msg(struct diag_instance *di) if (rc == HDLC_COMPLETE) { di->rx.msg = NULL; + + if (msgb_length(msg) < 3) { + msgb_free(msg); + return NULL; + } + rc = crc_check(msgb_data(msg), msgb_length(msg)); if (rc) { fprintf(stderr, "Bad CRC, dropping packet\n"); |