gobex: Fix decoding byte array headers with too small length

author Johan Hedberg <johan.hedberg@intel.com>

Thu, 6 Oct 2011 11:31:13 +0000 (14:31 +0300)

committer Marcel Holtmann <marcel@holtmann.org>

Tue, 4 Dec 2012 21:22:03 +0000 (22:22 +0100)
author Johan Hedberg <johan.hedberg@intel.com>
Thu, 6 Oct 2011 11:31:13 +0000 (14:31 +0300)
committer Marcel Holtmann <marcel@holtmann.org>
Tue, 4 Dec 2012 21:22:03 +0000 (22:22 +0100)
diff --git a/gobex/gobex-header.c b/gobex/gobex-header.c

index 9096f44..68e2341 100644 (file)
--- a/gobex/gobex-header.c
+++ b/gobex/gobex-header.c
@@ -208,6 +208,13 @@ GObexHeader *g_obex_header_decode(const void *data, gsize len,
                         goto failed;
                 }
  
+               if (hdr_len < 3) {
+                       g_set_error(err, G_OBEX_ERROR,
+                                       G_OBEX_ERROR_PARSE_ERROR,
+                                       "Too small byte array length");
+                       goto failed;
+               }
+
                 header->vlen = hdr_len - 3;
                 header->hlen = hdr_len;
  
diff --git a/unit/test-gobex-header.c b/unit/test-gobex-header.c

index 93da949..86e69f3 100644 (file)
--- a/unit/test-gobex-header.c
+++ b/unit/test-gobex-header.c
@@ -46,6 +46,7 @@ static uint8_t hdr_unicode_nval_data[] = { G_OBEX_HDR_NAME, 0x00, 0x01,
  static uint8_t hdr_bytes_nval_short[] = { G_OBEX_HDR_BODY, 0xab, 0xcd,
                                                 0x01, 0x02, 0x03 };
  static uint8_t hdr_bytes_nval_data[] = { G_OBEX_HDR_BODY, 0xab };
+static uint8_t hdr_bytes_nval_len[] = { G_OBEX_HDR_BODY, 0x00, 0x00 };
  
  static void test_header_name_empty(void)
  {
@@ -407,6 +408,11 @@ static void test_decode_header_bytes_nval_data(void)
         decode_header_nval(hdr_bytes_nval_data, sizeof(hdr_bytes_nval_data));
  }
  
+static void test_decode_header_bytes_nval_len(void)
+{
+       decode_header_nval(hdr_bytes_nval_len, sizeof(hdr_bytes_nval_len));
+}
+
  static void test_decode_header_multi(void)
  {
         GObexHeader *header;
@@ -486,6 +492,8 @@ int main(int argc, char *argv[])
                                         test_decode_header_bytes_nval_short);
         g_test_add_func("/gobex/test_decode_header_bytes_nval_data",
                                         test_decode_header_bytes_nval_data);
+       g_test_add_func("/gobex/test_decode_header_bytes_nval_len",
+                                       test_decode_header_bytes_nval_len);
  
         g_test_add_func("/gobex/test_header_encode_connid",
                                                 test_header_encode_connid);
author	Johan Hedberg <johan.hedberg@intel.com>
	Thu, 6 Oct 2011 11:31:13 +0000 (14:31 +0300)
committer	Marcel Holtmann <marcel@holtmann.org>
	Tue, 4 Dec 2012 21:22:03 +0000 (22:22 +0100)
gobex/gobex-header.c		patch \| blob \| history
unit/test-gobex-header.c		patch \| blob \| history