Apple-2-SW/contiki
1
0
Fork 0
mirror of https://github.com/oliverschmidt/contiki.git synced 2024-06-26 14:29:33 +00:00
Code Issues Projects Releases Wiki Activity

Added check for illegal attributes in packet attribute serialization

Browse Source
This commit is contained in:
Niclas Finne 2012-04-20 13:27:43 +02:00
parent 1733f3b6bc
commit 28c62208cb
2 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/slip-cmd/packetutils.c
View File

@ -70,7 +70,16 @@ packetutils_deserialize_atts(const uint8_t *data, int size)
pos = 0; pos = 0;
cnt = data[pos++]; cnt = data[pos++];
PRINTF("packetutils: deserializing %d packet atts:", cnt); PRINTF("packetutils: deserializing %d packet atts:", cnt);
if(cnt > PACKETBUF_NUM_ATTRS) {
PRINTF(" *** too many: %u!\n", PACKETBUF_NUM_ATTRS);
return -1;
}
for(i = 0; i < cnt; i++) { for(i = 0; i < cnt; i++) {
if(data[pos] >= PACKETBUF_NUM_ATTRS) {
/* illegal attribute identifier */
PRINTF(" *** unknown attribute %u\n", data[pos]);
return -1;
}
PRINTF(" %d=%d", data[pos], (data[pos + 1] << 8) | data[pos + 2]); PRINTF(" %d=%d", data[pos], (data[pos + 1] << 8) | data[pos + 2]);
packetbuf_set_attr(data[pos], (data[pos + 1] << 8) | data[pos + 2]); packetbuf_set_attr(data[pos], (data[pos + 1] << 8) | data[pos + 2]);
pos += 3; pos += 3;

14
examples/ipv6/slip-radio/slip-radio.c
View File

@ -99,9 +99,12 @@ slip_radio_cmd_handler(const uint8_t *data, int len)
packet_ids[packet_pos] = data[2]; packet_ids[packet_pos] = data[2];
packetbuf_clear(); packetbuf_clear();
pos = 3; pos = packetutils_deserialize_atts(&data[3], len - 3);
pos += packetutils_deserialize_atts(&data[pos], len - pos); if(pos < 0) {
PRINTF("slip-radio: illegal packet attributes\n");
return 1;
}
pos += 3;
len -= pos; len -= pos;
if(len > PACKETBUF_SIZE) { if(len > PACKETBUF_SIZE) {
len = PACKETBUF_SIZE; len = PACKETBUF_SIZE;
@ -109,11 +112,12 @@ slip_radio_cmd_handler(const uint8_t *data, int len)
memcpy(packetbuf_dataptr(), &data[pos], len); memcpy(packetbuf_dataptr(), &data[pos], len);
packetbuf_set_datalen(len); packetbuf_set_datalen(len);
PRINTF("slip-radio: sending: %d\n", packetbuf_datalen()); PRINTF("slip-radio: sending %u (%d bytes)\n",
data[2], packetbuf_datalen());
/* parse frame before sending to get addresses, etc. */ /* parse frame before sending to get addresses, etc. */
no_framer.parse(); no_framer.parse();
NETSTACK_MAC.send(&packet_sent, &packet_ids[packet_pos]); NETSTACK_MAC.send(packet_sent, &packet_ids[packet_pos]);
packet_pos++; packet_pos++;
if(packet_pos >= sizeof(packet_ids)) { if(packet_pos >= sizeof(packet_ids)) {