libs/rt-thread-official
libs
/
rt-thread-official
mirror of https://github.com/RT-Thread/rt-thread.git
4
0
Fork 0
Code Issues Releases Wiki Activity

[HUST CSE][bsp][fix] Fix potential buffer overflow vulnerability (#7409)

This commit is contained in:
Jia Salix Ye 2023-05-04 22:38:48 +08:00 committed by GitHub
parent 1efe3071c7
commit 0d7e18df1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
bsp/simulator/pcap/pcap_netif.c
View File

@ -26,6 +26,10 @@
#include <rtthread.h>
#include <netif/ethernetif.h>
#define DBG_TAG "pcap.netif"
#define DBG_LVL DBG_INFO
#include <rtdbg.h>
#define MAX_ADDR_LEN 6
#define NETIF_DEVICE(netif) ((struct pcap_netif*)(netif))
@ -203,6 +207,14 @@ rt_err_t pcap_netif_tx( rt_device_t dev, struct pbuf* p)
/* lock EMAC device */
rt_sem_take(&sem_lock, RT_WAITING_FOREVER);
/* check if the total length of pbuf exceeds the size of buf */
if(p->tot_len > 2048)
{
LOG_E("Sending the packet: send data exceed max len 2048!");
rt_sem_release(&sem_lock);
return -RT_ERROR;
}
/* copy data to tx buffer */
q = p;
ptr = (rt_uint8_t*)buf;
@ -219,7 +231,7 @@ rt_err_t pcap_netif_tx( rt_device_t dev, struct pbuf* p)
if (res != 0)
{
rt_kprintf("Error sending the packet: \n", pcap_geterr(tap));
LOG_E("Sending the packet: %s", pcap_geterr(tap));
result = -RT_ERROR;
}