Added bugfix to stop parsing in frames with more data than specified

Stefan Wahren 2012-04-06 18:57:55 +02:00
parent 56ed8a0839
commit 16716d83c1


@ -2129,6 +2129,14 @@ mbus_parse(mbus_frame *frame, u_char *data, size_t data_size)
return MBUS_FRAME_FIXED_SIZE_LONG + len - data_size; return MBUS_FRAME_FIXED_SIZE_LONG + len - data_size;
} }
if (data_size > (size_t)(MBUS_FRAME_FIXED_SIZE_LONG + len))
{
snprintf(error_str, sizeof(error_str), "Too much data in frame.");
// too much data... ?
return -2;
}
// we got the whole packet, continue parsing // we got the whole packet, continue parsing
frame->start2 = data[3]; frame->start2 = data[3];
frame->control = data[4]; frame->control = data[4];
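Review bot: The new over-length branch returns a bare `-2` under the comment `// too much data... ?`, so callers of mbus_parse have no documented way to tell this rejection apart from its other negative returns or from the positive "bytes still missing" value returned just above. Replace the uncertain comment with the reason, for example `// buffer is longer than the length field declares: reject instead of parsing trailing bytes`, and name the code with a constant or list it in the function's header comment. The cast in `(size_t)(MBUS_FRAME_FIXED_SIZE_LONG + len)` is applied after the addition, so it is only safe if `len` can never be negative; its declaration is outside the hunk and worth confirming. If callers feed this function from a byte stream in which the next frame may already be buffered, they will now get an error instead of a parsed frame, so check that they hand over exactly one frame. mbus_parse starts and ends outside the hunk.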