Merge pull request #1624 from cedric-d/prevent-uip-buffer-overread

Prevent uIP buffer over-read with big UDP packets
2016-06-15 13:08:45 +02:00 · 2016-06-15 13:08:45 +02:00 · fba37e0131
parent 5fe95fc425 67e0575bd3
commit fba37e0131
1 changed files with 2 additions and 4 deletions
--- a/core/net/ip/uip-udp-packet.c
+++ b/core/net/ip/uip-udp-packet.c
@ -51,12 +51,10 @@ void
 uip_udp_packet_send(struct uip_udp_conn *c, const void *data, int len)
 {
 #if UIP_UDP
-  if(data != NULL) {
+  if(data != NULL && len <= (UIP_BUFSIZE - (UIP_LLH_LEN + UIP_IPUDPH_LEN))) {
    uip_udp_conn = c;
    uip_slen = len;
-    memmove(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data,
-            len > UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN?
-            UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN: len);
+    memmove(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data, len);
    uip_process(UIP_UDP_SEND_CONN);

 #if UIP_CONF_IPV6_MULTICAST