Mercurial > hg > freeDiameter
comparison libfdproto/messages.c @ 1549:19ab8ac08a36
Merge
author | Sebastien Decugis <sdecugis@freediameter.net> |
---|---|
date | Tue, 07 Jul 2020 01:41:54 +0800 |
parents | d25ce064c667 6a35c5470ef4 |
children | 566bb46cc73f |
comparison
equal
deleted
inserted
replaced
1548:edfb2b662b91 | 1549:19ab8ac08a36 |
---|---|
1944 } | 1944 } |
1945 avp->avp_public.avp_vendor = ntohl(*(uint32_t *)(buf + offset)); | 1945 avp->avp_public.avp_vendor = ntohl(*(uint32_t *)(buf + offset)); |
1946 offset += 4; | 1946 offset += 4; |
1947 } | 1947 } |
1948 | 1948 |
1949 /* Check the length is valid */ | |
1950 if ( avp->avp_public.avp_len < GETAVPHDRSZ(avp->avp_public.avp_flags) ) { | |
1951 TRACE_DEBUG(INFO, "Invalid AVP size %d", | |
1952 avp->avp_public.avp_len); | |
1953 free(avp); | |
1954 return EBADMSG; | |
1955 } | |
1956 | |
1949 /* Check there is enough remaining data in the buffer */ | 1957 /* Check there is enough remaining data in the buffer */ |
1950 if ( (avp->avp_public.avp_len > GETAVPHDRSZ(avp->avp_public.avp_flags)) | 1958 if ( (avp->avp_public.avp_len > GETAVPHDRSZ(avp->avp_public.avp_flags)) |
1951 && (buflen - offset < avp->avp_public.avp_len - GETAVPHDRSZ(avp->avp_public.avp_flags))) { | 1959 && (buflen - offset < avp->avp_public.avp_len - GETAVPHDRSZ(avp->avp_public.avp_flags))) { |
1952 TRACE_DEBUG(INFO, "truncated buffer: remaining only %zd bytes for data, and avp data size is %d", | 1960 TRACE_DEBUG(INFO, "truncated buffer: remaining only %zd bytes for data, and avp data size is %d", |
1953 buflen - offset, | 1961 buflen - offset, |
1989 | 1997 |
1990 msglen = ntohl(*(uint32_t *)buf) & 0x00ffffff; | 1998 msglen = ntohl(*(uint32_t *)buf) & 0x00ffffff; |
1991 if ( buflen < msglen ) { | 1999 if ( buflen < msglen ) { |
1992 TRACE_DEBUG(INFO, "Truncated message (%zd / %d)", buflen, msglen ); | 2000 TRACE_DEBUG(INFO, "Truncated message (%zd / %d)", buflen, msglen ); |
1993 return EBADMSG; | 2001 return EBADMSG; |
2002 } | |
2003 if ( msglen < GETMSGHDRSZ() ) { | |
2004 TRACE_DEBUG(INFO, "Invalid message length (%d)", msglen ); | |
2005 return EBADMSG; | |
1994 } | 2006 } |
1995 | 2007 |
1996 /* Create a new object */ | 2008 /* Create a new object */ |
1997 CHECK_MALLOC( new = malloc (sizeof(struct msg)) ); | 2009 CHECK_MALLOC( new = malloc (sizeof(struct msg)) ); |
1998 | 2010 |