From 58518750e7ebf0eefc9d94bf4b20014ba5d381e7 Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Wed, 10 Jul 2024 18:17:59 +0100
Subject: [PATCH] - added check for PDU size with security extension
---
 src/goose/goose_receiver.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/goose/goose_receiver.c b/src/goose/goose_receiver.c
index 0157eea6..4206cd42 100644
--- a/src/goose/goose_receiver.c
+++ b/src/goose/goose_receiver.c
@@ -1022,6 +1022,13 @@ parseGooseMessage(GooseReceiver self, uint8_t* buffer, int numbytes)
 {
 printf("CRC check - FAILED (expected: %04x actual: %04x)\n", secExtCrc, crc);
 }
+
+ /* verify correct lenght of message including security extension */
+ if (numbytes < length + headerLength + secExtLength) {
+ //if (DEBUG_GOOSE_SUBSCRIBER)
+ printf("GOOSE_SUBSCRIBER: Invalid PDU size (security extension is missing)\n");
+ return;
+ }
 }
 /* check if there is an interested subscriber */
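Review bot: The new size check runs after the CRC comparison shown just above it, so whatever reads of the security extension produced `secExtCrc` and `crc` (that code is outside this hunk, so this is inferred) have already happened by the time a short frame is rejected; the `if (numbytes < length + headerLength + secExtLength)` test should sit before the first access to the extension bytes. The debug guard is also commented out, so the `printf` fires for every undersized frame received from the network and the output volume is controlled by the sender; restore `if (DEBUG_GOOSE_SUBSCRIBER)` in front of it. The types and ranges of `length`, `headerLength` and `secExtLength` are not visible here, so if any of them can be negative or large the bound is better checked term by term than after summing. parseGooseMessage's body starts and ends outside the hunk.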