diag_read_msg(): Discard any messages shorter than 3 bytes
The 16bit CRC and the FLAG octet together are 3 bytes. If a message is
shorter than that, something is going wrong, for sure.
diff --git a/src/diag_io.c b/src/diag_io.c
index f5b1d52..9309774 100644
--- a/src/diag_io.c
+++ b/src/diag_io.c
@@ -123,6 +123,12 @@
if (rc == HDLC_COMPLETE) {
di->rx.msg = NULL;
+
+ if (msgb_length(msg) < 3) {
+ msgb_free(msg);
+ return NULL;
+ }
+
rc = crc_check(msgb_data(msg), msgb_length(msg));
if (rc) {
fprintf(stderr, "Bad CRC, dropping packet\n");