Commit 6147a168 authored by Deucе's avatar Deucе :ok_hand_tone4:

Fix buffer underflow checks in get functions

parent 0a3c7b9c
Pipeline #5171 failed
...@@ -128,7 +128,7 @@ sftp_remove_packet(sftp_rx_pkt_t pkt) ...@@ -128,7 +128,7 @@ sftp_remove_packet(sftp_rx_pkt_t pkt)
#define GET_FUNC_BODY \ #define GET_FUNC_BODY \
assert(pkt); \ assert(pkt); \
if (pkt->cur + sizeof(ret) > pkt->sz) \ if (pkt->cur + offsetof(struct sftp_rx_pkt, data) + sizeof(ret) > pkt->sz) \
return 0; \ return 0; \
memcpy(&ret, &pkt->data[pkt->cur], sizeof(ret)); \ memcpy(&ret, &pkt->data[pkt->cur], sizeof(ret)); \
pkt->cur += sizeof(ret) pkt->cur += sizeof(ret)
...@@ -166,7 +166,7 @@ sftp_getstring(sftp_rx_pkt_t pkt) ...@@ -166,7 +166,7 @@ sftp_getstring(sftp_rx_pkt_t pkt)
{ {
assert(pkt); assert(pkt);
uint32_t sz = sftp_get32(pkt); uint32_t sz = sftp_get32(pkt);
if (pkt->cur + sizeof(sz) > pkt->sz) if (pkt->cur + offsetof(struct sftp_rx_pkt, data) + sizeof(sz) > pkt->sz)
return NULL; return NULL;
sftp_str_t ret = sftp_memdup(&pkt->data[pkt->cur], sz); sftp_str_t ret = sftp_memdup(&pkt->data[pkt->cur], sz);
if (ret == NULL) if (ret == NULL)
......
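Review bot: In the sftp_getstring hunk the corrected bound still adds `sizeof(sz)` (four bytes) instead of the length `sz` that was just read from the packet, so `sftp_memdup(&pkt->data[pkt->cur], sz)` can read past the end of the received data when the peer sends a length larger than what remains. The check should compare the length itself against the remaining bytes, written as a subtraction so a large `sz` cannot wrap the sum: `if (sz > pkt->sz - offsetof(struct sftp_rx_pkt, data) - pkt->cur)`. This assumes `pkt->sz` counts the header, as the new offsetof term suggests, and that `pkt->cur` never exceeds the data length. Separately, `sftp_get32` returns 0 on a short packet, which this caller cannot tell apart from a genuine zero-length string. The body of sftp_getstring continues outside the hunk, so later handling of `ret` and `pkt->cur` is not visible here.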