diff options
| author | James Prestwood <prestwoj@gmail.com> | 2024-02-29 09:07:34 -0800 |
|---|---|---|
| committer | Denis Kenzior <denkenz@gmail.com> | 2024-02-29 14:36:16 -0600 |
| commit | 83c032a58357f968382c942e676f463ceac5e37a (patch) | |
| tree | 16d4522ce8c1934d3f656b9497951cf980637c16 | |
| parent | d34b4e16e045142590ed7cb653e01ed0ae5362eb (diff) | |
p2putil: check length of client info description
A length check was missing which could cause a out of bounds read.
Co-authored-by: Alex Radocea <alex@supernetworks.org>
| -rw-r--r-- | src/p2putil.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/p2putil.c b/src/p2putil.c index c90810e56..d1f114d0f 100644 --- a/src/p2putil.c +++ b/src/p2putil.c @@ -376,6 +376,9 @@ static bool extract_p2p_group_info(const uint8_t *attr, size_t len, desc = l_new(struct p2p_client_info_descriptor, 1); l_queue_push_tail(*out, desc); + if (desc_len < 24) + goto error; + memcpy(desc->device_addr, attr + 0, 6); memcpy(desc->interface_addr, attr + 6, 6); desc->device_caps = attr[12]; |