ubx.c: Add some more error checking code
diff --git a/ubx.c b/ubx.c
index 83dd1f0..273c02e 100644
--- a/ubx.c
+++ b/ubx.c
@@ -60,11 +60,26 @@
uint8_t cksum[2], *cksum_ptr;
ubx_msg_handler_t h;
+ if (len < 2) {
+ fprintf(stderr, "[!] Length too small (%d)\n", len);
+ return -1;
+ }
+
if ((hdr->sync[0] != UBX_SYNC0) || (hdr->sync[1] != UBX_SYNC1)) {
fprintf(stderr, "[!] Invalid sync bytes\n");
return -1;
}
+ if (len < sizeof(struct ubx_hdr)) {
+ fprintf(stderr, "[!] Length too small for UBX header (%d)\n", len);
+ return -1;
+ }
+
+ if (len < sizeof(struct ubx_hdr) + hdr->payload_len - 2) {
+ fprintf(stderr, "[!] Length too small for UBX header and payload (%d)\n", len);
+ return -1;
+ }
+
ubx_checksum(msg + 2, sizeof(struct ubx_hdr) + hdr->payload_len - 2, cksum);
cksum_ptr = msg + (sizeof(struct ubx_hdr) + hdr->payload_len);
if ((cksum_ptr[0] != cksum[0]) || (cksum_ptr[1] != cksum[1])) {
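Review bot: The third added check, `if (len < sizeof(struct ubx_hdr) + hdr->payload_len - 2)`, still accepts buffers up to four bytes shorter than what the lines after it read. `ubx_checksum(msg + 2, ...)` reads up to `msg + sizeof(struct ubx_hdr) + hdr->payload_len`, and `cksum_ptr[0]`/`cksum_ptr[1]` read the two checksum bytes beyond that, so a truncated frame with a large `payload_len` can still cause an out-of-bounds read. Assuming `len` counts the bytes of `msg` starting at the sync bytes and `hdr` aliases `msg` (both are declared outside the hunk), the bound should cover the trailing checksum: `if (len < sizeof(struct ubx_hdr) + hdr->payload_len + 2) {`. It is also worth confirming that `%d` matches the declared type of `len`, since the comparisons against `sizeof` are done in `size_t`. The function starts and ends outside the hunk.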