Skip to content
Permalink
Browse files Browse the repository at this point in the history
- COTP: fixed possible heap buffer overflow when handling message wit…
…h invalid (zero) value in length field (#250)
  • Loading branch information
mzillgith committed Aug 12, 2020
1 parent 2ce48a7 commit 033ab5b
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/mms/iso_cotp/cotp.c
Expand Up @@ -720,6 +720,9 @@ CotpConnection_readToTpktBuffer(CotpConnection* self)
goto exit_waiting;
}

if (self->packetSize <= bufPos)
goto exit_error;

readBytes = readFromSocket(self, buffer + bufPos, self->packetSize - bufPos);

if (readBytes < 0)
Expand Down

0 comments on commit 033ab5b

Please sign in to comment.