[HUST CSE][bsp][fix] Fix potential buffer overflow vulnerability (#7409)
This commit is contained in:
parent
1efe3071c7
commit
0d7e18df1e
|
@ -26,6 +26,10 @@
|
||||||
#include <rtthread.h>
|
#include <rtthread.h>
|
||||||
#include <netif/ethernetif.h>
|
#include <netif/ethernetif.h>
|
||||||
|
|
||||||
|
#define DBG_TAG "pcap.netif"
|
||||||
|
#define DBG_LVL DBG_INFO
|
||||||
|
#include <rtdbg.h>
|
||||||
|
|
||||||
#define MAX_ADDR_LEN 6
|
#define MAX_ADDR_LEN 6
|
||||||
|
|
||||||
#define NETIF_DEVICE(netif) ((struct pcap_netif*)(netif))
|
#define NETIF_DEVICE(netif) ((struct pcap_netif*)(netif))
|
||||||
|
@ -203,6 +207,14 @@ rt_err_t pcap_netif_tx( rt_device_t dev, struct pbuf* p)
|
||||||
/* lock EMAC device */
|
/* lock EMAC device */
|
||||||
rt_sem_take(&sem_lock, RT_WAITING_FOREVER);
|
rt_sem_take(&sem_lock, RT_WAITING_FOREVER);
|
||||||
|
|
||||||
|
/* check if the total length of pbuf exceeds the size of buf */
|
||||||
|
if(p->tot_len > 2048)
|
||||||
|
{
|
||||||
|
LOG_E("Sending the packet: send data exceed max len 2048!");
|
||||||
|
rt_sem_release(&sem_lock);
|
||||||
|
return -RT_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
/* copy data to tx buffer */
|
/* copy data to tx buffer */
|
||||||
q = p;
|
q = p;
|
||||||
ptr = (rt_uint8_t*)buf;
|
ptr = (rt_uint8_t*)buf;
|
||||||
|
@ -219,7 +231,7 @@ rt_err_t pcap_netif_tx( rt_device_t dev, struct pbuf* p)
|
||||||
|
|
||||||
if (res != 0)
|
if (res != 0)
|
||||||
{
|
{
|
||||||
rt_kprintf("Error sending the packet: \n", pcap_geterr(tap));
|
LOG_E("Sending the packet: %s", pcap_geterr(tap));
|
||||||
result = -RT_ERROR;
|
result = -RT_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue