diff options
author | Paul Kocialkowski <contact@paulk.fr> | 2014-08-02 16:19:28 +0200 |
---|---|---|
committer | Paul Kocialkowski <contact@paulk.fr> | 2014-08-02 16:19:28 +0200 |
commit | 9c72075db1e335e936ae72f6d8bcf18b1e5a254e (patch) | |
tree | 6528ed4521af87a92674c42758daedf929fc3ce9 /samsung-ipc/devices/crespo | |
parent | 5bd35c74cbe3aed1dc8010f42c593e3b2f0add99 (diff) | |
download | hardware_replicant_libsamsung-ipc-9c72075db1e335e936ae72f6d8bcf18b1e5a254e.tar.gz hardware_replicant_libsamsung-ipc-9c72075db1e335e936ae72f6d8bcf18b1e5a254e.tar.bz2 hardware_replicant_libsamsung-ipc-9c72075db1e335e936ae72f6d8bcf18b1e5a254e.zip |
devices: Size limit when reading RFS data
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Diffstat (limited to 'samsung-ipc/devices/crespo')
-rw-r--r-- | samsung-ipc/devices/crespo/crespo.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/samsung-ipc/devices/crespo/crespo.c b/samsung-ipc/devices/crespo/crespo.c index 97c1541..31bf273 100644 --- a/samsung-ipc/devices/crespo/crespo.c +++ b/samsung-ipc/devices/crespo/crespo.c @@ -180,7 +180,7 @@ int crespo_fmt_recv(struct ipc_client *client, struct ipc_message *message) mio.data = calloc(1, mio.size); rc = client->handlers->read(client->handlers->transport_data, &mio, sizeof(struct modem_io) + mio.size); - if (rc < 0 || mio.data == NULL || mio.size < sizeof(struct ipc_fmt_header)) { + if (rc < 0 || mio.data == NULL || mio.size < sizeof(struct ipc_fmt_header) || mio.size > CRESPO_BUFFER_LENGTH) { ipc_client_log(client, "Reading FMT data failed"); goto error; } @@ -264,7 +264,7 @@ int crespo_rfs_recv(struct ipc_client *client, struct ipc_message *message) mio.data = calloc(1, mio.size); rc = client->handlers->read(client->handlers->transport_data, &mio, sizeof(struct modem_io) + mio.size); - if (rc < 0 || mio.data == NULL || mio.size <= 0) { + if (rc < 0 || mio.data == NULL || mio.size <= 0 || mio.size > CRESPO_BUFFER_LENGTH) { ipc_client_log(client, "Reading RFS data failed"); goto error; } |