author | Aleksander Morgado <aleksander@aleksander.es> | 2019-11-26 16:52:58 +0100 |
---|---|---|
committer | Aleksander Morgado <aleksander@aleksander.es> | 2019-11-26 23:01:19 +0100 |
commit | 093b0bf07eb85d989c6db855bcb63ef36ab372b9 (patch) | |
tree | 72e993b3cf0f27d1b75247abe5065b7b068b30b1 /src/libmbim-glib | |
parent | 3e33a1e839254940ff17b4b38923dca21f857a6a (diff) |
libmbim-glib,message: reading guint32 array may fail
Diffstat (limited to 'src/libmbim-glib')
-rw-r--r-- | src/libmbim-glib/mbim-message-private.h | 8 | ||||
-rw-r--r-- | src/libmbim-glib/mbim-message.c | 49 | ||||
-rw-r--r-- | src/libmbim-glib/mbim-proxy-helpers.c | 4 |
3 files changed, 38 insertions, 23 deletions
diff --git a/src/libmbim-glib/mbim-message-private.h b/src/libmbim-glib/mbim-message-private.h
index 55faa78..97fce0f 100644
--- a/src/libmbim-glib/mbim-message-private.h
+++ b/src/libmbim-glib/mbim-message-private.h
@@ -273,10 +273,12 @@ gboolean _mbim_message_read_guint32 (const MbimMessage *self,
 guint32 relative_offset,
 guint32 *value,
 GError **error);
+gboolean _mbim_message_read_guint32_array (const MbimMessage *self,
+ guint32 array_size,
+ guint32 relative_offset_array_start,
+ guint32 **array,
+ GError **error);
-guint32 *_mbim_message_read_guint32_array (const MbimMessage *self,
- guint32 array_size,
- guint32 relative_offset_array_start);
 guint64 _mbim_message_read_guint64 (const MbimMessage *self,
 guint64 relative_offset);
 gchar *_mbim_message_read_string (const MbimMessage *self,
diff --git a/src/libmbim-glib/mbim-message.c b/src/libmbim-glib/mbim-message.c
index 3872f17..113f383 100644
--- a/src/libmbim-glib/mbim-message.c
+++ b/src/libmbim-glib/mbim-message.c
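Review bot: The new prototype of `_mbim_message_read_guint32_array` in mbim-message-private.h has no comment on the `array` out-parameter, and its contract cannot be read off the signature. Going by the definition in mbim-message.c in this same diff, a zero `array_size` returns TRUE with `*array = NULL`, success stores a newly allocated buffer of `array_size + 1` elements ending in 0, and a FALSE return leaves `*array` unwritten. I would put this above the declaration: `/* On success *array is newly allocated and 0-terminated (NULL when array_size is 0); on failure *array is not written. */`. Which side frees the buffer is not visible here, so that part should be added from the callers.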
@@ -199,32 +199,45 @@ _mbim_message_read_guint32 (const MbimMessage *self,
 return TRUE;
 }
-guint32 *
-_mbim_message_read_guint32_array (const MbimMessage *self,
- guint32 array_size,
- guint32 relative_offset_array_start)
+gboolean
+_mbim_message_read_guint32_array (const MbimMessage *self,
+ guint32 array_size,
+ guint32 relative_offset_array_start,
+ guint32 **array,
+ GError **error)
 {
- guint i;
- guint32 *out;
+ guint32 required_size;
+ guint i;
 guint32 information_buffer_offset;
- if (!array_size)
- return NULL;
+ g_assert (array != NULL);
+
+ if (!array_size) {
+ *array = NULL;
+ return TRUE;
+ }
 information_buffer_offset = _mbim_message_get_information_buffer_offset (self);
- out = g_new (guint32, array_size + 1);
- for (i = 0; i < array_size; i++) {
- out[i] = GUINT32_FROM_LE (G_STRUCT_MEMBER (
- guint32,
- self->data,
- (information_buffer_offset +
- relative_offset_array_start +
- (4 * i))));
+ required_size = information_buffer_offset + relative_offset_array_start + (4 * array_size);
+ if (self->len < required_size) {
+ g_set_error (error, MBIM_CORE_ERROR, MBIM_CORE_ERROR_INVALID_MESSAGE,
+ "cannot read 32bit unsigned integer array (%u bytes) (%u < %u)",
+ (4 * array_size), self->len, required_size);
+ return FALSE;
 }
- out[array_size] = 0;
- return out;
+ *array = g_new (guint32, array_size + 1);
+ for (i = 0; i < array_size; i++) {
+ (*array)[i] = GUINT32_FROM_LE (G_STRUCT_MEMBER (
+ guint32,
+ self->data,
+ (information_buffer_offset +
+ relative_offset_array_start +
+ (4 * i))));
+ }
+ (*array)[array_size] = 0;
+ return TRUE;
 }
 guint64
diff --git a/src/libmbim-glib/mbim-proxy-helpers.c b/src/libmbim-glib/mbim-proxy-helpers.c
index e527801..f4107d0 100644
--- a/src/libmbim-glib/mbim-proxy-helpers.c
+++ b/src/libmbim-glib/mbim-proxy-helpers.c
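Review bot: The length check added to `_mbim_message_read_guint32_array` is computed in `guint32`, so `information_buffer_offset + relative_offset_array_start + (4 * array_size)` can wrap for a large `array_size` or offset and leave `required_size` below `self->len`; the guard then passes and the copy loop reads past `self->data`. The count appears to come from the parsed message itself (see the `cids_count` call in mbim-proxy-helpers.c later in this diff), so it should be treated as untrusted. Widen the sum by declaring `guint64 required_size;` and computing `required_size = (guint64)information_buffer_offset + relative_offset_array_start + 4 * (guint64)array_size;`, and print it with `G_GUINT64_FORMAT` in the error string. Once the sum is bounded by `self->len`, `array_size + 1` in the `g_new` call can no longer wrap to zero either.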
@@ -167,8 +167,8 @@ _mbim_proxy_helper_service_subscribe_request_parse (MbimMessage *message,
 break;
 array_offset += 4;
- if (array[i]->cids_count)
- array[i]->cids = _mbim_message_read_guint32_array (message, array[i]->cids_count, array_offset);
+ if (array[i]->cids_count && !_mbim_message_read_guint32_array (message, array[i]->cids_count, array_offset, &array[i]->cids, &inner_error))
+ break;
 offset += 8;
 }
 } |
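Review bot: The `array[i]->cids_count &&` guard in the new condition duplicates the callee, which already returns TRUE and stores NULL in `*array` when `array_size` is 0. Dropping it shortens the over-long line and makes `cids` explicitly NULL for an empty list: `if (!_mbim_message_read_guint32_array (message, array[i]->cids_count, array_offset, &array[i]->cids, &inner_error))` followed by `break;`. The loop and the handling of `inner_error` after the `break` are outside this hunk, so it is worth confirming that the cleanup path copes with an element whose `cids` was never assigned.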