From a115fbb1bbfeec9c6a10ac2ea2999e23be77336a Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Sat, 7 Jan 2017 16:27:50 +0100
Subject: diag_read_msg(): Discard any messages shorter than 3 bytes

The 16bit CRC and the FLAG octet together are 3 bytes. If a message is shorter than that, something is going wrong, for sure.
---
 src/diag_io.c | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src/diag_io.c')

diff --git a/src/diag_io.c b/src/diag_io.c
index f5b1d52..9309774 100644
--- a/src/diag_io.c
+++ b/src/diag_io.c
@@ -123,6 +123,12 @@ struct msgb *diag_read_msg(struct diag_instance *di)
 if (rc == HDLC_COMPLETE) {
 di->rx.msg = NULL;
+
+ if (msgb_length(msg) < 3) {
+ msgb_free(msg);
+ return NULL;
+ }
+
 rc = crc_check(msgb_data(msg), msgb_length(msg));
 if (rc) {
 fprintf(stderr, "Bad CRC, dropping packet\n");
--
cgit v1.2.3
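Review bot: The new short-frame branch frees the message and returns NULL without any diagnostic, while the bad-CRC branch right below it logs to stderr before dropping. A runt frame from the device is at least as useful to see when debugging or monitoring the link, so I would add `fprintf(stderr, "Message shorter than CRC+FLAG, dropping packet\n");` before `msgb_free(msg);`. The literal `3` is explained only in the commit message; a comment such as `/* 16-bit CRC + FLAG octet */` or a named constant would keep that reasoning next to the check. A frame of exactly 3 bytes still passes with an empty payload, and whether `crc_check()` and the code after it cope with that is not visible here, because `diag_read_msg()` starts and ends outside the hunk.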