RYTEC
/
libiec61850
mirror of https://github.com/mz-automation/libiec61850.git
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- COTP: fixed possible heap buffer overflow when handling message with invalid (zero) value in length field (#250)

Browse Source
pull/254/head
Michael Zillgith 5 years ago
parent 2ce48a7a32
commit 033ab5b648
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
src/mms/iso_cotp/cotp.c
Unescape Escape View File

@ -720,6 +720,9 @@ CotpConnection_readToTpktBuffer(CotpConnection* self)
goto exit_waiting; goto exit_waiting;
} }
if (self->packetSize <= bufPos)
goto exit_error;
readBytes = readFromSocket(self, buffer + bufPos, self->packetSize - bufPos); readBytes = readFromSocket(self, buffer + bufPos, self->packetSize - bufPos);
if (readBytes < 0) if (readBytes < 0)

Write Preview
Loading…
Cancel
Save