OSDN -- Desenvolver e Download de Software Open Source
Estado tradução de Português translation status for pt
  • R/O
  • HTTP
  • SSH
  • HTTPS
Fork

Commit

Tags
No Tags

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

system/core


Commit MetaInfo

Revisão2e55ec2a45650ddeb443c249c99f142d082d9d83 (tree)
Hora2017-11-14 10:30:10
Autortintin <tintinweb@osts...>
CommiterNikoli Cartagena

Mensagem de Log

libnetutil: Check dhcp respose packet length

Bug: 67474440
Test: Manual

Change-Id: I84b533f0101a56ec01e64c7591f3c7e82f513b2e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
(cherry picked from commit 61f25d4a3657e79659963d12005afa8c30883015)

Mudança Sumário

Diff

--- a/libnetutils/packet.c
+++ b/libnetutils/packet.c
@@ -219,6 +219,20 @@ int receive_packet(int s, struct dhcp_msg *msg)
219219 * to construct the pseudo header used in the checksum calculation.
220220 */
221221 dhcp_size = ntohs(packet.udp.len) - sizeof(packet.udp);
222+ /*
223+ * check validity of dhcp_size.
224+ * 1) cannot be negative or zero.
225+ * 2) src buffer contains enough bytes to copy
226+ * 3) cannot exceed destination buffer
227+ */
228+ if ((dhcp_size <= 0) ||
229+ ((int)(nread - sizeof(struct iphdr) - sizeof(struct udphdr)) < dhcp_size) ||
230+ ((int)sizeof(struct dhcp_msg) < dhcp_size)) {
231+#if VERBOSE
232+ ALOGD("Malformed Packet");
233+#endif
234+ return -1;
235+ }
222236 saddr = packet.ip.saddr;
223237 daddr = packet.ip.daddr;
224238 nread = ntohs(packet.ip.tot_len);