Skip to content

Commit

Permalink
- fixed out-of-bound read in parseAarePdu function (LIB61850-442)(#513)
Browse files Browse the repository at this point in the history
  • Loading branch information
@mzillgith
mzillgith committed Aug 12, 2024
1 parent a49d0cc commit c62287c
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions src/mms/iso_acse/acse.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,10 @@ parseUserInformation(AcseConnection* self, uint8_t* buffer, int bufPos, int maxB

bufPos = BerDecoder_decodeLength(buffer, &len, bufPos, maxBufPos);

if (bufPos < 0) {
if (len == 0)
continue;

if ((bufPos < 0) || (bufPos + len > maxBufPos)) {
*userInfoValid = false;
return -1;
}
Expand Down Expand Up @@ -186,8 +189,15 @@ parseAarePdu(AcseConnection* self, uint8_t* buffer, int bufPos, int maxBufPos)
int len;

bufPos = BerDecoder_decodeLength(buffer, &len, bufPos, maxBufPos);
if (bufPos < 0)

if (len == 0)
continue;

if ((bufPos < 0) || (bufPos + len > maxBufPos)) {
if (DEBUG_ACSE)
printf("ACSE: Invalid PDU!\n");
return ACSE_ERROR;
}

switch (tag)
{
Expand Down

0 comments on commit c62287c

Please sign in to comment.