diff options
author | Tom Tsou <tom.tsou@ettus.com> | 2016-04-28 21:55:17 -0700 |
---|---|---|
committer | Tom Tsou <tom.tsou@ettus.com> | 2016-05-02 17:37:05 -0700 |
commit | 2c650a6895f573e4455f55f0d1ed136ba8ae4744 (patch) | |
tree | b0a1317a4cda61ba1d90dab064e1909a1f1057b9 /Transceiver52M | |
parent | d4555f267e284d14e9e877f8f82da8bcc2d76d7a (diff) |
common: Add mandatory length field to UDP receive calls
Current UDP receive reads up to MAX_UDP_LENGTH bytes into the
passed in buffer, which may lead to buffer overflow if the
write buffer is of insufficient size.
Add mandatory length argument to UDP socket receive calls.
Reported-by: Simone Margaritelli <simone@zimperium.com>
Signed-off-by: Tom Tsou <tom.tsou@ettus.com>
Diffstat (limited to 'Transceiver52M')
-rw-r--r-- | Transceiver52M/Transceiver.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Transceiver52M/Transceiver.cpp b/Transceiver52M/Transceiver.cpp index 7f13a09..23eea23 100644 --- a/Transceiver52M/Transceiver.cpp +++ b/Transceiver52M/Transceiver.cpp @@ -704,7 +704,7 @@ void Transceiver::driveControl(size_t chan) int msgLen = -1; buffer[0] = '\0'; - msgLen = mCtrlSockets[chan]->read(buffer); + msgLen = mCtrlSockets[chan]->read(buffer, sizeof(buffer)); if (msgLen < 1) { return; @@ -872,7 +872,7 @@ bool Transceiver::driveTxPriorityQueue(size_t chan) char buffer[gSlotLen+50]; // check data socket - size_t msgLen = mDataSockets[chan]->read(buffer); + size_t msgLen = mDataSockets[chan]->read(buffer, sizeof(buffer)); if (msgLen!=gSlotLen+1+4+1) { LOG(ERR) << "badly formatted packet on GSM->TRX interface"; |