common: Add mandatory length field to UDP receive calls Current UDP receive reads up to MAX_UDP_LENGTH bytes into the passed in buffer, which may lead to buffer overflow if the write buffer is of insufficient size. Add mandatory length argument to UDP socket receive calls. Reported-by: Simone Margaritelli <simone@zimperium.com> Signed-off-by: Tom Tsou <tom.tsou@ettus.com>

commit: 2c650a6895f573e4455f55f0d1ed136ba8ae4744 [log] [tgz]
author: Tom Tsou <tom.tsou@ettus.com> Thu Apr 28 21:55:17 2016 -0700
committer: Tom Tsou <tom.tsou@ettus.com> Mon May 02 17:37:05 2016 -0700
tree: b0a1317a4cda61ba1d90dab064e1909a1f1057b9
parent: d4555f267e284d14e9e877f8f82da8bcc2d76d7a [diff] [blame]
diff --git a/Transceiver52M/Transceiver.cpp b/Transceiver52M/Transceiver.cpp
index 7f13a09..23eea23 100644
--- a/Transceiver52M/Transceiver.cpp
+++ b/Transceiver52M/Transceiver.cpp

@@ -704,7 +704,7 @@
   int msgLen = -1;
   buffer[0] = '\0';
 
-  msgLen = mCtrlSockets[chan]->read(buffer);
+  msgLen = mCtrlSockets[chan]->read(buffer, sizeof(buffer));
 
   if (msgLen < 1) {
     return;
@@ -872,7 +872,7 @@
   char buffer[gSlotLen+50];
 
   // check data socket
-  size_t msgLen = mDataSockets[chan]->read(buffer);
+  size_t msgLen = mDataSockets[chan]->read(buffer, sizeof(buffer));
 
   if (msgLen!=gSlotLen+1+4+1) {
     LOG(ERR) << "badly formatted packet on GSM->TRX interface";
commit	2c650a6895f573e4455f55f0d1ed136ba8ae4744	[log] [tgz]
author	Tom Tsou <tom.tsou@ettus.com>	Thu Apr 28 21:55:17 2016 -0700
committer	Tom Tsou <tom.tsou@ettus.com>	Mon May 02 17:37:05 2016 -0700
tree	b0a1317a4cda61ba1d90dab064e1909a1f1057b9
parent	d4555f267e284d14e9e877f8f82da8bcc2d76d7a [diff] [blame]