.
Fork of WIZnet_Library by
Diff: WIZnetInterface/Socket/UDPSocket.cpp
- Revision:
- 5:89edb39d8707
- Parent:
- 0:b72d22e10709
--- a/WIZnetInterface/Socket/UDPSocket.cpp Wed Aug 20 02:17:02 2014 +0000 +++ b/WIZnetInterface/Socket/UDPSocket.cpp Mon Oct 06 01:35:09 2014 +0000 @@ -30,7 +30,7 @@ if (_sock_fd < 0) { _sock_fd = eth->new_socket(); } - if (eth->setProtocol(_sock_fd, UDP) == false) return -1; + if (eth->setProtocol(_sock_fd, UDP) == false) return -1; return 0; } @@ -78,11 +78,18 @@ } eth->recv(_sock_fd, (char*)info, sizeof(info)); readEndpoint(remote, info); - int udp_size = info[6]<<8|info[7]; + int udp_size = info[6]<<8|info[7]; //TEST_ASSERT(udp_size <= (size-sizeof(info))); if (udp_size > (size-sizeof(info))) { return -1; } + + /* Perform Length check here to prevent buffer overrun */ + /* fixed by Sean Newton (https://developer.mbed.org/users/SeanNewton/) */ + if (udp_size > length) { + //printf("udp_size: %d\n",udp_size); + return -1; + } return eth->recv(_sock_fd, buffer, udp_size); }