From b2ef9d904604ad7869123ab1961f337d101f0b3f Mon Sep 17 00:00:00 2001 From: goldsimon Date: Wed, 25 Apr 2018 20:56:34 +0200 Subject: [PATCH] netbiosns: fix bug #53747 (need to verify received packet length) --- src/apps/netbiosns/netbiosns.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/apps/netbiosns/netbiosns.c b/src/apps/netbiosns/netbiosns.c index 23ad20b2..4b5cdb87 100644 --- a/src/apps/netbiosns/netbiosns.c +++ b/src/apps/netbiosns/netbiosns.c @@ -343,6 +343,12 @@ netbiosns_recv(void *arg, struct udp_pcb *upcb, struct pbuf *p, const ip_addr_t struct netbios_hdr *netbios_hdr = (struct netbios_hdr *)p->payload; struct netbios_name_hdr *netbios_name_hdr = (struct netbios_name_hdr *)(netbios_hdr + 1); + /* is the packet long enough (we need the header in one piece) */ + if (p->len < (sizeof(struct netbios_hdr) + sizeof(struct netbios_name_hdr))) { + /* packet too short */ + pbuf_free(p); + return; + } /* we only answer if we got a default interface */ if (netif_default != NULL) { /* @todo: do we need to check answerRRs/authorityRRs/additionalRRs? */