From 08edc49d8f63c75bfdfb480b083b0d960310f94f Mon Sep 17 00:00:00 2001 |
From: Eric S. Raymond <esr@thyrsus.com> |
Date: Thu, 11 Apr 2013 02:22:34 +0000 |
Subject: Address Savannah bug #38511: |
|
ais_context->bitlen <= sizeof(ais_context->bits)/8 is not checked |
--- |
diff --git a/driver_aivdm.c b/driver_aivdm.c |
index 8d6ebd0..e663290 100644 |
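--- a/driver_aivdm.c
+++ b/driver_aivdm.c
@@ -195,6 +195,10 @@ static bool aivdm_decode(const char *buf, size_t buflen,
 (1 << (7 - ais_context->bitlen % 8));
 }
 ais_context->bitlen++;
+ if (ais_context->bitlen > sizeof(ais_context->bits)) {
+ gpsd_report(LOG_INF, "overlong AIVDM payload truncated.\n");
+ return false;
+ }
 }
 /*@ +shiftnegative @*/
 }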
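Review bot: The new guard compares `ais_context->bitlen`, which counts bits, against `sizeof(ais_context->bits)`, which counts bytes, and the commit subject names a third bound (`sizeof(...)/8`), so the intended limit is unclear. Assuming `bits` is a byte array indexed by `bitlen / 8` (the store's index expression is above the hunk), the check is memory-safe but rejects payloads at one eighth of the buffer's capacity. Please document that with a comment such as `/* bitlen is in bits, sizeof(bits) in bytes: deliberately caps the payload well below the buffer */`, or, if the full buffer is meant, test `ais_context->bitlen >= sizeof(ais_context->bits) * 8` before the store rather than after the increment. The log text says "truncated" while the function returns false and drops the sentence, so "rejected" would describe the outcome more accurately. aivdm_decode starts above the hunk, so the store and the loop condition are not visible here.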
-- |
cgit v0.9.0.2 |