From 2335deb742fca9bc5c5456d2b80f1b48ebafec99 Mon Sep 17 00:00:00 2001 From: Stefan Wahren Date: Sat, 22 Dec 2012 00:08:59 +0100 Subject: [PATCH] Fix segmentation fault - check if L Field is at least 3 to avoid crash (MBDOC48.PDF, page 23) --- mbus/mbus-protocol.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/mbus/mbus-protocol.c b/mbus/mbus-protocol.c index 0e9530d..44d56dd 100755 --- a/mbus/mbus-protocol.c +++ b/mbus/mbus-protocol.c @@ -2554,6 +2554,14 @@ mbus_parse(mbus_frame *frame, u_char *data, size_t data_size) frame->length1 = data[1]; frame->length2 = data[2]; + if (frame->length1 < 3) + { + snprintf(error_str, sizeof(error_str), "Invalid M-Bus frame length."); + + // not a valid M-bus frame + return -2; + } + if (frame->length1 != frame->length2) { snprintf(error_str, sizeof(error_str), "Invalid M-Bus frame length.");