From 2ba293a53864232b302b63e5971d3982157dee7d Mon Sep 17 00:00:00 2001
From: Adam Dunkels <adam@thingsquare.com>
Date: Sun, 17 Mar 2013 23:56:55 +0100
Subject: [PATCH] Bugfix: check the size of the outgoing packet to avoid
 overflowing the output buffer

---
 core/net/uip-udp-packet.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/net/uip-udp-packet.c b/core/net/uip-udp-packet.c
index 8e9369ab7..96423bfcb 100644
--- a/core/net/uip-udp-packet.c
+++ b/core/net/uip-udp-packet.c
@@ -54,7 +54,8 @@ uip_udp_packet_send(struct uip_udp_conn *c, const void *data, int len)
     uip_udp_conn = c;
     uip_slen = len;
     memcpy(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data,
-           len > UIP_BUFSIZE? UIP_BUFSIZE: len);
+           len > UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN?
+           UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN: len);
     uip_process(UIP_UDP_SEND_CONN);
 #if UIP_CONF_IPV6
     tcpip_ipv6_output();