.

Fork of WIZnet_Library by WIZnet

Revision:
5:89edb39d8707
Parent:
0:b72d22e10709
--- a/WIZnetInterface/Socket/UDPSocket.cpp	Wed Aug 20 02:17:02 2014 +0000
+++ b/WIZnetInterface/Socket/UDPSocket.cpp	Mon Oct 06 01:35:09 2014 +0000
@@ -30,7 +30,7 @@
     if (_sock_fd < 0) {
         _sock_fd = eth->new_socket();
     }
-    if (eth->setProtocol(_sock_fd, UDP) == false) return -1; 
+    if (eth->setProtocol(_sock_fd, UDP) == false) return -1;
     return 0;
 }
 
@@ -78,11 +78,18 @@
     }
     eth->recv(_sock_fd, (char*)info, sizeof(info));
     readEndpoint(remote, info);
-    int udp_size = info[6]<<8|info[7]; 
+    int udp_size = info[6]<<8|info[7];
     //TEST_ASSERT(udp_size <= (size-sizeof(info)));
     if (udp_size > (size-sizeof(info))) {
         return -1;
     }
+
+    /* Perform Length check here to prevent buffer overrun */
+    /* fixed by Sean Newton (https://developer.mbed.org/users/SeanNewton/) */
+    if (udp_size > length) {
+        //printf("udp_size: %d\n",udp_size);
+        return -1;
+    }
     return eth->recv(_sock_fd, buffer, udp_size);
 }