From: robertl <robertl>
Date: Fri, 26 Mar 2010 03:09:20 +0000 (+0000)
Subject: Add error checks for packets of bad sizes.
X-Git-Tag: archive/raspbian/1.10.0+ds-2+rpi1~1^2~199^2~36
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3fae70d8985b31743ada3b654cf3b7ae4c71fd93;p=gpsbabel.git

Add error checks for packets of bad sizes.
---

diff --git a/jeeps/gpsread.c b/jeeps/gpsread.c
index 2bf926b1d..56ea632fa 100644
--- a/jeeps/gpsread.c
+++ b/jeeps/gpsread.c
@@ -172,6 +172,12 @@ int32 GPS_Serial_Packet_Read(gpsdevh *fd, GPS_PPacket *packet)
 		    return (*packet)->n;
 		}
 		
+	    if (p - (*packet)->data >= MAX_GPS_PACKET_SIZE)
+	    {
+		GPS_Error("GPS_Serial_Packet_Read: Bad payload size/no ETX found");
+		gps_errno = FRAMING_ERROR;
+		return 0;
+	    }
 	    *p++ = u;
 	}
     }
diff --git a/jeeps/gpsusbread.c b/jeeps/gpsusbread.c
index d061f312a..ed075a553 100644
--- a/jeeps/gpsusbread.c
+++ b/jeeps/gpsusbread.c
@@ -71,6 +71,12 @@ do_over:
 	 */
 	(*packet)->type = le_read16(&pkt.gusb_pkt.pkt_id);
 	payload_size = le_read32(&pkt.gusb_pkt.datasz);
+	if (payload_size<0 || payload_size>MAX_GPS_PACKET_SIZE)
+	{
+		GPS_Error("GPS_Packet_Read_usb: Bad payload size %d", payload_size);
+		gps_errno = FRAMING_ERROR;
+		return 0;
+	}
 	(*packet)->n = payload_size;
 	memcpy((*packet)->data, &pkt.gusb_pkt.databuf, payload_size);