From 62277025482d0c10b15fc19c906deb43767e023d Mon Sep 17 00:00:00 2001
From: robertl
Date: Mon, 12 Apr 2004 13:00:46 +0000
Subject: [PATCH] Bounds check the D108 and D109 packets to protect from blowing the unit away with excessively long host input.
---
 jeeps/gpsapp.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/jeeps/gpsapp.c b/jeeps/gpsapp.c
index 3025fb412..d4c2746ab 100644
--- a/jeeps/gpsapp.c
+++ b/jeeps/gpsapp.c
@@ -27,6 +27,8 @@
 #include
 #include
+#define XMIN(a,b) (a < b? a : b)
+
 static int32 GPS_A000(const char *port);
 static void GPS_A001(GPS_PPacket packet);
@@ -1851,22 +1853,22 @@ static void GPS_D108_Send(UC *data, GPS_PWay way, int32 *len)
 q = (UC *) way->ident;
- i = sizeof(way->ident);
+ i = XMIN(51, sizeof(way->ident));
 while((*p++ = *q++) && i--);
 q = (UC *) way->cmnt;
- i = sizeof(way->cmnt);
+ i = XMIN(51, sizeof(way->cmnt));
 while((*p++ = *q++) && i--);
 q = (UC *) way->facility;
- i = sizeof(way->facility);
+ i = XMIN(31, sizeof(way->facility));
 while((*p++ = *q++) && i--);
 q = (UC *) way->city;
- i = sizeof(way->city);
+ i = XMIN(25, sizeof(way->city));
 while((*p++ = *q++) && i--);
 q = (UC *) way->addr;
- i = sizeof(way->addr);
+ i = XMIN(51, sizeof(way->addr));
 while((*p++ = *q++) && i--);
 q = (UC *) way->cross_road;
- i = sizeof(way->cross_road);
+ i = XMIN(51, sizeof(way->cross_road));
 while((*p++ = *q++) && i--);
 *len = p-data;
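Review bot: The `XMIN` macro added after the includes in the first hunk leaves its arguments unparenthesized and evaluates one of them twice, so it is only safe for the simple constant operands this patch passes to it; `#define XMIN(a,b) ((a) < (b) ? (a) : (b))` removes the precedence hazard. Every use in the patch compares an `int` literal with a `size_t` from `sizeof`, so the comparison is done unsigned. A one-line comment such as `/* for non-negative sizes only; arguments are evaluated twice */` would record both limits for later callers.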
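Review bot: Each clamped copy in GPS_D108_Send can still emit one byte more than its limit and leave the field without a terminating zero, because `while((*p++ = *q++) && i--);` stores the byte before it tests the counter: with `i = 51` the loop exits only after a 52nd byte has been written, and that byte need not be NUL. When `sizeof(way->ident)` is the smaller operand and the array holds no NUL, the same extra iteration reads one byte past the array. Since the stated aim is to keep over-long host input from reaching the unit, copy at most limit-1 bytes and write the terminator explicitly, e.g. `i = XMIN(51, sizeof(way->ident)) - 1;` then `while(i-- && *q) *p++ = *q++;` then `*p++ = 0;`. The identical loops in the GPS_D109_Send hunk need the same change. The function body starts and ends outside the hunk, so the type of `i` and the capacity of `data` are not visible here and should be checked against the worst-case total.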
@@ -1918,22 +1920,22 @@ static void GPS_D109_Send(UC *data, GPS_PWay way, int32 *len)
 for(i=0;i<4;++i) *p++ = 0xff; /* D109 silliness for ETE */
 q = (UC *) way->ident;
- i = sizeof(way->ident);
+ i = XMIN(51, sizeof(way->ident));
 while((*p++ = *q++) && i--);
 q = (UC *) way->cmnt;
- i = sizeof(way->ident);
+ i = XMIN(51, sizeof(way->cmnt));
 while((*p++ = *q++) && i--);
 q = (UC *) way->facility;
- i = sizeof(way->facility);
+ i = XMIN(31, sizeof(way->facility));
 while((*p++ = *q++) && i--);
 q = (UC *) way->city;
- i = sizeof(way->city);
+ i = XMIN(25, sizeof(way->city));
 while((*p++ = *q++) && i--);
 q = (UC *) way->addr;
- i = sizeof(way->addr);
+ i = XMIN(51, sizeof(way->addr));
 while((*p++ = *q++) && i--);
 q = (UC *) way->cross_road;
- i = sizeof(way->cross_road);
+ i = XMIN(51, sizeof(way->cross_road));
 while((*p++ = *q++) && i--);
 *len = p-data;
 return;
-- 
2.30.2
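Review bot: The field limits 51, 31 and 25 in GPS_D109_Send are bare numbers repeated from GPS_D108_Send, with nothing on the page saying where they come from. Presumably they are the protocol's maximum field lengths including the terminator, but the hunk does not show that. Named constants shared by both functions, each with a one-line comment such as `/* max bytes on the wire for this field, including NUL */`, would keep the two packet builders from drifting apart and make the bound auditable. GPS_D109_Send starts before the hunk, so any existing documentation of these sizes is not visible here.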