nirali sanghrajka
This is WIZnet Ethernet Interface using Hardware TCP/IP chip, W5500, W5200 and W5100. One of them can be selected by enabling it in wiznet.h.
Fork of
WIZnet_Library
by 
WIZnet
Revision 5:89edb39d8707, committed 2014-10-06
- Comitter:
- Bongjun
- Date:
- Mon Oct 06 01:35:09 2014 +0000
- Parent:
- 4:37a5586c4f64
- Child:
- 6:ca8405b9564d
- Commit message:
- Perform Length check here to prevent buffer overrun fixed by Sean Newton
Changed in this revision
| WIZnetInterface/Socket/UDPSocket.cpp | Show annotated file Show diff for this revision Revisions of this file |
--- a/WIZnetInterface/Socket/UDPSocket.cpp Wed Aug 20 02:17:02 2014 +0000
+++ b/WIZnetInterface/Socket/UDPSocket.cpp Mon Oct 06 01:35:09 2014 +0000
@@ -30,7 +30,7 @@
if (_sock_fd < 0) {
_sock_fd = eth->new_socket();
}
- if (eth->setProtocol(_sock_fd, UDP) == false) return -1;
+ if (eth->setProtocol(_sock_fd, UDP) == false) return -1;
return 0;
}
@@ -78,11 +78,18 @@
}
eth->recv(_sock_fd, (char*)info, sizeof(info));
readEndpoint(remote, info);
- int udp_size = info[6]<<8|info[7];
+ int udp_size = info[6]<<8|info[7];
//TEST_ASSERT(udp_size <= (size-sizeof(info)));
if (udp_size > (size-sizeof(info))) {
return -1;
}
+
+ /* Perform Length check here to prevent buffer overrun */
+ /* fixed by Sean Newton (https://developer.mbed.org/users/SeanNewton/) */
+ if (udp_size > length) {
+ //printf("udp_size: %d\n",udp_size);
+ return -1;
+ }
return eth->recv(_sock_fd, buffer, udp_size);
}