From: Marcel Holtmann <marcel@holtmann.org>
To: ofono@ofono.org
Subject: Re: [PATCH 1/3] add some length verification to avoid reading not owned memory
Date: Fri, 23 Mar 2012 12:09:11 -0700
Message-ID: <1332529751.1870.57.camel@aeonflux>
In-Reply-To: <1330417045-26518-1-git-send-email-jr_extern@vfnet.de>

Hi Jens,

please prefix the subject line with the files that get changed. So
something like push: would be good.

> src/push.c | 8 +++++++-
> 1 files changed, 7 insertions(+), 1 deletions(-)
>
> diff --git a/src/push.c b/src/push.c
> index 6a54907..6107352 100644
> --- a/src/push.c
> +++ b/src/push.c
> @@ -351,13 +351,16 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned int len,
> /* Consume TID and Type */
> nread = 2;
>
> - if (wsp_decode_uintvar(pdu + nread, len,
> + if (wsp_decode_uintvar(pdu + nread, len - nread,
> &headerslen, &consumed) == FALSE)
> return FALSE;
>
> /* Consume uintvar bytes */
> nread += consumed;
>
> + /* Check if content type could be read */
> + if (headerslen > (len - nread))
> + return FALSE;
No need for (len - nread). Just do > len - nread.
> /* Try to decode content-type */
> if (wsp_decode_content_type(pdu + nread, headerslen, &ct,
> &consumed, ¶m_len) == FALSE)
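Review bot: In the `wsp_decode_uintvar(pdu + nread, len - nread, ...)` call, `len` is `unsigned int` and `nread` was just set to 2, so a PDU shorter than two bytes makes `len - nread` wrap to a very large value and the decoder is again told it may read well past the buffer. Nothing in the visible context rejects `len < 2` before this point; unless that happens earlier in the function, add `if (len < 2) return FALSE;` ahead of the "Consume TID and Type" step. The new `headerslen > (len - nread)` check uses the same subtraction, so it also depends on `nread <= len` still holding after `nread += consumed`.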
> @@ -370,6 +373,9 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned int len,
> consumed += param_len;
> nread += consumed;
>
> + /* Check if application_id could be read */
> + if ((headerslen - consumed) > (len - nread))
> + return FALSE;
Same here (headerslen - consumed > len - nread) is good enough.
> /* Parse header to decode application_id */
> wsp_header_iter_init(&iter, pdu + nread, headerslen - consumed, 0);
>
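Review bot: The check `(headerslen - consumed) > (len - nread)` subtracts before it compares, and nothing in this hunk verifies `consumed <= headerslen` after `consumed += param_len`. The variable types are not visible here; if they are unsigned, an oversized `consumed` wraps and is rejected only as a side effect of the comparison, which is easy to break in a later edit. An explicit `if (consumed > headerslen) return FALSE;` first, with the remainder stored once in a local and reused in the `wsp_header_iter_init()` call, would make the bound obvious and keep the check and the use from drifting apart.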
Regards
Marcel