[HUST CSE][bsp][fix] Fix potential buffer overflow vulnerability (#7409)

Jia Salix Ye 2023-05-04 22:38:48 +08:00 committed by GitHub
parent 1efe3071c7
commit 0d7e18df1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 1 deletions


@ -26,6 +26,10 @@
#include <rtthread.h> #include <rtthread.h>
#include <netif/ethernetif.h> #include <netif/ethernetif.h>
#define DBG_TAG "pcap.netif"
#define DBG_LVL DBG_INFO
#include <rtdbg.h>
#define MAX_ADDR_LEN 6 #define MAX_ADDR_LEN 6
#define NETIF_DEVICE(netif) ((struct pcap_netif*)(netif)) #define NETIF_DEVICE(netif) ((struct pcap_netif*)(netif))
@ -203,6 +207,14 @@ rt_err_t pcap_netif_tx( rt_device_t dev, struct pbuf* p)
/* lock EMAC device */ /* lock EMAC device */
rt_sem_take(&sem_lock, RT_WAITING_FOREVER); rt_sem_take(&sem_lock, RT_WAITING_FOREVER);
/* check if the total length of pbuf exceeds the size of buf */
if(p->tot_len > 2048)
{
LOG_E("Sending the packet: send data exceed max len 2048!");
rt_sem_release(&sem_lock);
return -RT_ERROR;
}
/* copy data to tx buffer */ /* copy data to tx buffer */
q = p; q = p;
ptr = (rt_uint8_t*)buf; ptr = (rt_uint8_t*)buf;
@ -219,7 +231,7 @@ rt_err_t pcap_netif_tx( rt_device_t dev, struct pbuf* p)
if (res != 0) if (res != 0)
{ {
rt_kprintf("Error sending the packet: \n", pcap_geterr(tap)); LOG_E("Sending the packet: %s", pcap_geterr(tap));
result = -RT_ERROR; result = -RT_ERROR;
} }
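Review bot: The new length guard in pcap_netif_tx compares against the literal 2048, repeated in the log text, so nothing ties it to the actual size of `buf` that the copy loop writes into. The declaration of `buf` is outside the hunks shown. If it is a fixed-size array local to this function, `if (p->tot_len > sizeof(buf))` keeps the check correct when the buffer is resized; if it is a pointer, a single macro shared by the declaration and the check does the same job. The guard also relies on `p->tot_len` matching the sum of `q->len` over the chain that the loop copies, so the comment could say so, e.g. `/* tot_len is the whole chain; reject before the per-segment copy */`. The function body starts and ends outside these hunks.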