patrick/zephyr
1
0
Fork 0
Code Issues Pull requests Actions 8 Packages Projects Releases Wiki Activity

drivers: modem: wncm14a2a: Fix illegal mem access in on_cmd_sockread()

Browse source 
We can't let i == value_size during the loop which gathers characters
for the length.  If we do, the next check of "value[i] != ','" would
access memory beyond the value boundary.

Fixes: https://github.com/zephyrproject-rtos/zephyr/issues/12290

Signed-off-by: Michael Scott <mike@foundries.io>
This commit is contained in:
Michael Scott 2019-03-05 09:46:21 -08:00 committed by Kumar Gala
parent 90132d3543
commit 693827d09b
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
drivers/modem/wncm14a2a.c
View file

@ -789,7 +789,7 @@ static void on_cmd_sockread(struct net_buf **buf, u16_t len)
i = 0; i = 0;
value_size = sizeof(value); value_size = sizeof(value);
(void)memset(value, 0, value_size); (void)memset(value, 0, value_size);
while (*buf && i < value_size) { while (*buf && i < value_size - 1) {
value[i++] = net_buf_pull_u8(*buf); value[i++] = net_buf_pull_u8(*buf);
len--; len--;
if (!(*buf)->len) { if (!(*buf)->len) {