- ACSE: fixed out-of-bounds read in parseAarqPdu function (LIB61850-441)(#512)

pull/515/head
Michael Zillgith 1 year ago
parent ac17349053
commit 501dffe6d0

@ -263,13 +263,17 @@ parseAarqPdu(AcseConnection* self, uint8_t* buffer, int bufPos, int maxBufPos)
int authMechLen = 0;
bool userInfoValid = false;
while (bufPos < maxBufPos) {
while (bufPos < maxBufPos)
{
uint8_t tag = buffer[bufPos++];
int len;
bufPos = BerDecoder_decodeLength(buffer, &len, bufPos, maxBufPos);
if (bufPos < 0) {
if (len == 0)
continue;
if ((bufPos < 0) || (bufPos + len > maxBufPos)) {
if (DEBUG_ACSE)
printf("ACSE: Invalid PDU!\n");
return ACSE_ASSOCIATE_FAILED;

Loading…
Cancel
Save