devices: Size limit when reading RFS data

Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
author: Paul Kocialkowski <contact@paulk.fr> 2014-08-02 16:19:28 +0200
committer: Paul Kocialkowski <contact@paulk.fr> 2014-08-02 16:19:28 +0200
commit: 9c72075db1e335e936ae72f6d8bcf18b1e5a254e (patch)
tree: 6528ed4521af87a92674c42758daedf929fc3ce9 /samsung-ipc/devices/aries/aries.c
parent: 5bd35c74cbe3aed1dc8010f42c593e3b2f0add99 (diff)
download: external_libsamsung-ipc-9c72075db1e335e936ae72f6d8bcf18b1e5a254e.zip
external_libsamsung-ipc-9c72075db1e335e936ae72f6d8bcf18b1e5a254e.tar.gz
external_libsamsung-ipc-9c72075db1e335e936ae72f6d8bcf18b1e5a254e.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/samsung-ipc/devices/aries/aries.c b/samsung-ipc/devices/aries/aries.c
index 99b60c7..c285ba6 100644
--- a/samsung-ipc/devices/aries/aries.c
+++ b/samsung-ipc/devices/aries/aries.c
@@ -435,6 +435,10 @@ int aries_rfs_recv(struct ipc_client *client, struct ipc_message *message)
     }
 
     header = (struct ipc_rfs_header *) buffer;
+    if (header->length > ARIES_DATA_SIZE_LIMIT) {
+        ipc_client_log(client, "Invalid RFS header length: %u", header->length);
+        goto error;
+    }
 
     ipc_rfs_message_setup(header, message);
author	Paul Kocialkowski <contact@paulk.fr>	2014-08-02 16:19:28 +0200
committer	Paul Kocialkowski <contact@paulk.fr>	2014-08-02 16:19:28 +0200
commit	9c72075db1e335e936ae72f6d8bcf18b1e5a254e (patch)
tree	6528ed4521af87a92674c42758daedf929fc3ce9 /samsung-ipc/devices/aries/aries.c
parent	5bd35c74cbe3aed1dc8010f42c593e3b2f0add99 (diff)
download	external_libsamsung-ipc-9c72075db1e335e936ae72f6d8bcf18b1e5a254e.zip external_libsamsung-ipc-9c72075db1e335e936ae72f6d8bcf18b1e5a254e.tar.gz external_libsamsung-ipc-9c72075db1e335e936ae72f6d8bcf18b1e5a254e.tar.bz2