From f7f3c2ae8f579bc422dc6998f7d5e52cca30046a Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Sun, 27 Feb 2022 18:53:27 +0100
Subject: [PATCH] - fixed vulnerability of GOOSE subscriber to malformed messages (LIB61850-304)
---
 src/goose/goose_receiver.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/goose/goose_receiver.c b/src/goose/goose_receiver.c
index 36a1229d..121d0a9d 100644
--- a/src/goose/goose_receiver.c
+++ b/src/goose/goose_receiver.c
@@ -151,6 +151,12 @@ parseAllData(uint8_t* buffer, int allDataLength, MmsValue* dataSetValues)
 MmsValue* value = MmsValue_getElement(dataSetValues, elementIndex);
+ if (value == NULL) {
+ if (DEBUG_GOOSE_SUBSCRIBER)
+ printf("GOOSE_SUBSCRIBER: type mismatch (element %i not found)\n", elementIndex);
+ return GOOSE_PARSE_ERROR_TYPE_MISMATCH;
+ }
+
 bufPos = BerDecoder_decodeLength(buffer, &elementLength, bufPos, allDataLength);
 if (bufPos < 0) {
 pe = GOOSE_PARSE_ERROR_TAGDECODE;
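Review bot: The new NULL guard in parseAllData leaves through `return GOOSE_PARSE_ERROR_TYPE_MISMATCH;`, while the tag-decode failure directly below it records its error in `pe` (`pe = GOOSE_PARSE_ERROR_TAGDECODE;`), so two error paths in the same loop exit in different ways. The end of the function is outside the hunk; if anything after the loop depends on `pe` (cleanup, or handling of elements already updated from the same frame), the early return skips it, and `pe = GOOSE_PARSE_ERROR_TYPE_MISMATCH;` followed by the same exit the neighbouring branch uses would keep the paths uniform. The rejection is reported only when DEBUG_GOOSE_SUBSCRIBER is set, so in a normal build a malformed frame is dropped without any trace an operator could alert on; surfacing the parse error to the caller would help detection. A short comment above the check would also record why it is there, e.g. `/* frame carries more elements than the configured data set: reject it rather than dereference NULL below */`.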