RYTEC
/
libiec61850
mirror of https://github.com/mz-automation/libiec61850.git
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- fixed out-of-bound read in parseAarePdu function (LIB61850-442)(#513)

Browse Source
v1.5
Michael Zillgith 1 year ago
parent a49d0cc78b
commit c62287c7c3
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File

14
src/mms/iso_acse/acse.c
Unescape Escape View File

@ -126,7 +126,10 @@ parseUserInformation(AcseConnection* self, uint8_t* buffer, int bufPos, int maxB
bufPos = BerDecoder_decodeLength(buffer, &len, bufPos, maxBufPos); bufPos = BerDecoder_decodeLength(buffer, &len, bufPos, maxBufPos);
if (bufPos < 0) { if (len == 0)
continue;
if ((bufPos < 0) || (bufPos + len > maxBufPos)) {
*userInfoValid = false; *userInfoValid = false;
return -1; return -1;
} }
@ -186,8 +189,15 @@ parseAarePdu(AcseConnection* self, uint8_t* buffer, int bufPos, int maxBufPos)
int len; int len;
bufPos = BerDecoder_decodeLength(buffer, &len, bufPos, maxBufPos); bufPos = BerDecoder_decodeLength(buffer, &len, bufPos, maxBufPos);
if (bufPos < 0)
if (len == 0)
continue;
if ((bufPos < 0) || (bufPos + len > maxBufPos)) {
if (DEBUG_ACSE)
printf("ACSE: Invalid PDU!\n");
return ACSE_ERROR; return ACSE_ERROR;
}
switch (tag) switch (tag)
{ {

Write Preview
Loading…
Cancel
Save