From 0b2d97c7383b6aff0057eafcdf2281f717ba0d1a Mon Sep 17 00:00:00 2001
From: Michael Zillgith <michael.zillgith@mz-automation.de>
Date: Fri, 1 Mar 2019 12:02:56 +0100
Subject: [PATCH] - COTP: added payload length validation (see github #127)

---
 src/mms/iso_cotp/cotp.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/mms/iso_cotp/cotp.c b/src/mms/iso_cotp/cotp.c
index 2b39d4df3..a6ef5ad89 100644
--- a/src/mms/iso_cotp/cotp.c
+++ b/src/mms/iso_cotp/cotp.c
@@ -571,6 +571,13 @@ parseDataTpdu(CotpConnection* self, uint8_t* buffer, uint8_t len)
 static bool
 addPayloadToBuffer(CotpConnection* self, uint8_t* buffer,  int payloadLength)
 {
+    if (payloadLength < 1) {
+        if (DEBUG_COTP)
+            printf("COTP: missing payload\n");
+
+        return false;
+    }
+
     if (DEBUG_COTP)
         printf("COTP: add to payload buffer (cur size: %i, len: %i)\n", self->payload->size, payloadLength);