From 3fae70d8985b31743ada3b654cf3b7ae4c71fd93 Mon Sep 17 00:00:00 2001
From: robertl <robertl>
Date: Fri, 26 Mar 2010 03:09:20 +0000
Subject: [PATCH] Add error checks for packets of bad sizes.

---
 jeeps/gpsread.c    | 6 ++++++
 jeeps/gpsusbread.c | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/jeeps/gpsread.c b/jeeps/gpsread.c
index 2bf926b1d..56ea632fa 100644
--- a/jeeps/gpsread.c
+++ b/jeeps/gpsread.c
@@ -172,6 +172,12 @@ int32 GPS_Serial_Packet_Read(gpsdevh *fd, GPS_PPacket *packet)
 		    return (*packet)->n;
 		}
 		
+	    if (p - (*packet)->data >= MAX_GPS_PACKET_SIZE)
+	    {
+		GPS_Error("GPS_Serial_Packet_Read: Bad payload size/no ETX found");
+		gps_errno = FRAMING_ERROR;
+		return 0;
+	    }
 	    *p++ = u;
 	}
     }
diff --git a/jeeps/gpsusbread.c b/jeeps/gpsusbread.c
index d061f312a..ed075a553 100644
--- a/jeeps/gpsusbread.c
+++ b/jeeps/gpsusbread.c
@@ -71,6 +71,12 @@ do_over:
 	 */
 	(*packet)->type = le_read16(&pkt.gusb_pkt.pkt_id);
 	payload_size = le_read32(&pkt.gusb_pkt.datasz);
+	if (payload_size<0 || payload_size>MAX_GPS_PACKET_SIZE)
+	{
+		GPS_Error("GPS_Packet_Read_usb: Bad payload size %d", payload_size);
+		gps_errno = FRAMING_ERROR;
+		return 0;
+	}
 	(*packet)->n = payload_size;
 	memcpy((*packet)->data, &pkt.gusb_pkt.databuf, payload_size);
 	
-- 
2.30.2