diag_read_msg(): Discard any messages shorter than 3 bytes The 16bit CRC and the FLAG octet together are 3 bytes. If a message is shorter than that, something is going wrong, for sure.

commit: a115fbb1bbfeec9c6a10ac2ea2999e23be77336a [log] [tgz]
author: Harald Welte <laforge@gnumonks.org> Sat Jan 07 16:27:50 2017 +0100
committer: Harald Welte <laforge@gnumonks.org> Sun Jan 08 16:04:01 2017 +0100
tree: eb1dd6b310e4c3f1144e729d237e1016c290e925
parent: 4ae09361234ef6dff29548a528b9dfeba0329da6 [diff]
diff --git a/src/diag_io.c b/src/diag_io.c
index f5b1d52..9309774 100644
--- a/src/diag_io.c
+++ b/src/diag_io.c

@@ -123,6 +123,12 @@
 
 	if (rc == HDLC_COMPLETE) {
 		di->rx.msg = NULL;
+
+		if (msgb_length(msg) < 3) {
+			msgb_free(msg);
+			return NULL;
+		}
+
 		rc = crc_check(msgb_data(msg), msgb_length(msg));
 		if (rc) {
 			fprintf(stderr, "Bad CRC, dropping packet\n");
commit	a115fbb1bbfeec9c6a10ac2ea2999e23be77336a	[log] [tgz]
author	Harald Welte <laforge@gnumonks.org>	Sat Jan 07 16:27:50 2017 +0100
committer	Harald Welte <laforge@gnumonks.org>	Sun Jan 08 16:04:01 2017 +0100
tree	eb1dd6b310e4c3f1144e729d237e1016c290e925
parent	4ae09361234ef6dff29548a528b9dfeba0329da6 [diff]