sysmocom
/
ofono
mirror of git://git.sysmocom.de/ofono
11
0
Fork 0
Code Issues Releases Activity

mbim: Add additional sanity checking 

For zero element arrays we might inadvertently run past the end of the
iov buffer.  Fix this by adding additional checks that n_elem > 0 and
don't call _iter_get_data unless needed.
This commit is contained in:
Denis Kenzior 2017-11-07 12:35:01 -06:00
parent dc8574ba55
commit bae2843eac
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/mbimmodem/mbim-message.c
View File

@ -225,8 +225,6 @@ static inline void _iter_init_internal(struct mbim_message_iter *iter,
iter->pos = pos;
iter->n_elem = n_elem;
iter->container_type = container_type;
_iter_get_data(iter, iter->pos);
}
static bool _iter_next_entry_basic(struct mbim_message_iter *iter,
@ -312,6 +310,9 @@ static bool _iter_enter_array(struct mbim_message_iter *iter,
bool fixed;
uint32_t offset;
if (iter->container_type == CONTAINER_TYPE_ARRAY && !iter->n_elem)
return false;
if (iter->sig_start[iter->sig_pos] != 'a')
return false;
@ -374,6 +375,9 @@ static bool _iter_enter_struct(struct mbim_message_iter *iter,
const char *sig_end;
const void *data;
if (iter->container_type == CONTAINER_TYPE_ARRAY && !iter->n_elem)
return false;
if (iter->sig_start[iter->sig_pos] != '(')
return false;