g4klx/DMRGateway
1
0
Fork 0
mirror of https://github.com/g4klx/DMRGateway.git synced 2026-04-06 06:53:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix stack buffer overflow in writeRadioPosition and writeTalkerAlias

Browse source 
Both functions copy packet data into 50-byte stack buffers without
validating the length parameter. Add bounds checks to reject packets
that would overflow the buffer or cause unsigned underflow.
This commit is contained in:
Ember 2026-04-04 16:49:26 -07:00
parent 0e04ebae0f
commit 6dd98bd856
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
DMRNetwork.cpp
View file

@ -252,6 +252,9 @@ bool CDMRNetwork::writeRadioPosition(const unsigned char* data, unsigned int len
if (!m_location)
return false;
if (length < 4U || length > 50U)
return false;
unsigned char buffer[50U];
::memcpy(buffer + 0U, "DMRG", 4U);
@ -268,6 +271,9 @@ bool CDMRNetwork::writeTalkerAlias(const unsigned char* data, unsigned int lengt
if (m_status != STATUS::RUNNING)
return false;
if (length < 4U || length > 50U)
return false;
unsigned char buffer[50U];
::memcpy(buffer + 0U, "DMRA", 4U);