Skip to content

Commit

Permalink
- ACSE: fixed out-of-bound read in parseAarqPdu/parseAarePdu functions (
Browse files Browse the repository at this point in the history 
#512)(#513)(LIB61850-441)(LIB61850-442)
  • Loading branch information
@mzillgith
mzillgith committed Aug 12, 2024
1 parent c62287c commit 7d4614a
Showing 1 changed file with 21 additions and 2 deletions.
23 changes: 21 additions & 2 deletions src/mms/iso_acse/acse.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,10 +190,18 @@ parseAarePdu(AcseConnection* self, uint8_t* buffer, int bufPos, int maxBufPos)

bufPos = BerDecoder_decodeLength(buffer, &len, bufPos, maxBufPos);

if (bufPos < 0)
{
if (DEBUG_ACSE)
printf("ACSE: Invalid PDU!\n");
return ACSE_ERROR;
}

if (len == 0)
continue;

if ((bufPos < 0) || (bufPos + len > maxBufPos)) {
if (bufPos + len > maxBufPos)
{
if (DEBUG_ACSE)
printf("ACSE: Invalid PDU!\n");
return ACSE_ERROR;
Expand Down Expand Up @@ -279,7 +287,18 @@ parseAarqPdu(AcseConnection* self, uint8_t* buffer, int bufPos, int maxBufPos)

bufPos = BerDecoder_decodeLength(buffer, &len, bufPos, maxBufPos);

if (bufPos < 0) {
if (bufPos < 0)
{
if (DEBUG_ACSE)
printf("ACSE: Invalid PDU!\n");
return ACSE_ASSOCIATE_FAILED;
}

if (len == 0)
continue;

if (bufPos + len > maxBufPos)
{
if (DEBUG_ACSE)
printf("ACSE: Invalid PDU!\n");
return ACSE_ASSOCIATE_FAILED;
Expand Down

0 comments on commit 7d4614a

Please sign in to comment.