[Title] fix the tainted value as argument. (various)
authorSooyoung Ha <yoosah.ha@samsung.com>
Mon, 21 Jan 2013 14:31:30 +0000 (23:31 +0900)
committerSooyoung Ha <yoosah.ha@samsung.com>
Mon, 21 Jan 2013 14:32:23 +0000 (23:32 +0900)
[Desc.] make the values clearly.

packaging/vmodemd-emul.spec
vmodem/server/client.c
vmodem/server/misc.c
vmodem/server/server_tx_call.c
vmodem/server/server_tx_network.c

index 9cf6f8e..ea48033 100644 (file)
@@ -1,6 +1,6 @@
 #git:slp/pkgs/v/vmodem-daemon-emulator
 Name: vmodemd-emul
-Version: 0.2.36
+Version: 0.2.37
 Release: 1
 Summary: Modem Emulator
 Group: System/ModemEmulator
index 1701b3a..a989cf0 100644 (file)
@@ -423,6 +423,10 @@ static void preprocess_do_gprs(LXT_MESSAGE * packet)
        }
 
        num = *((int *)p);
+       if(num < 0 || num > (254 * sizeof(int)) ) {
+               TRACE(MSGL_VGSM_INFO, "ERROR!! Invalid value of packet.data.\n");
+               return;
+       }
 
        pos = p + sizeof(int);
 
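Review bot: The new bound on `num` is the constant `254 * sizeof(int)` rather than the number of bytes actually received, so a short packet that carries a large `num` still passes the check. Tying it to the packet would be stricter, e.g. `if (packet->length < sizeof(int) || num < 0 || (size_t)num > packet->length - sizeof(int))`, assuming `LXT_MESSAGE` has the `length` field used in client_callback and that `num` counts bytes after the leading word (what it counts is not visible here). The read `*((int *)p)` also assumes `p` is suitably aligned; `memcpy(&num, p, sizeof num);` avoids that. The body of preprocess_do_gprs starts and ends outside this hunk.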
@@ -1164,6 +1168,8 @@ static void do_internal(PhoneServer * ps, TClientInfo * ci, LXT_MESSAGE * packet
                        int clientid;
 
                        clientid = (int)packed_S32((unsigned char *)p);
+                       if(clientid == 0)
+                               TRACE(MSGL_VGSM_INFO, "ERROR!! Invalid value of clientid.\n");
                        ci->klass = clientid;
                        TRACE(MSGL_VGSM_INFO, "LXT_PDA_INTERNAL_ID_REQUEST [0x%x]: %s\n", clientid, clientName[clientid]);
 
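Review bot: The added `clientid == 0` branch only logs, so execution still reaches `ci->klass = clientid` and `clientName[clientid]` in the following TRACE with whatever value the client sent. A negative or too-large `clientid` indexes outside `clientName`, so the check should cover the whole range and stop processing, e.g. `if (clientid <= 0 || clientid >= CLIENT_NAME_COUNT) { TRACE(...); break; }`. `CLIENT_NAME_COUNT` is a placeholder for the real element count of `clientName`, which is declared outside this hunk. Whether `break` or `return` is the right exit depends on the enclosing construct, which is also not visible here.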
@@ -1446,7 +1452,7 @@ static int client_callback(PhoneServer * ps, int fd, EloopCondition cond, void *
        //int klass = ci->klass;
        int clientfd = ci->fd;
 
-       unsigned char * p = 0;
+       //unsigned char * p = 0;
 
        TAPIMessageInit(&packet);
 
@@ -1467,7 +1473,7 @@ static int client_callback(PhoneServer * ps, int fd, EloopCondition cond, void *
        {
                packet.data = (unsigned char *) PacketDataMalloc(packet.length + 1);
                rc = ReadBytes(clientfd, packet.data, packet.length);
-               p = (unsigned char *)packet.data;
+               //p = (unsigned char *)packet.data;
        }
 
        group = packet.group;
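Review bot: `packet.data` is passed to `ReadBytes` on the line right after `PacketDataMalloc(packet.length + 1)` with no NULL check in between, and `packet.length` appears to come from the client's header. Unless `PacketDataMalloc` aborts on failure (not visible here), an oversized length that fails to allocate would be written through. A guard such as `if (!packet.data) return -1;` (using whatever failure value client_callback normally returns), together with an upper bound on `packet.length` before the allocation, would close this. Whether `rc` is compared with `packet.length` happens outside this hunk. The unused `p` lines are better deleted than left commented out, here and in the declaration hunk above.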
@@ -1520,7 +1526,7 @@ static int client_callback(PhoneServer * ps, int fd, EloopCondition cond, void *
            do_emulator(ps, ci, &packet);
            break;
        case GSM_GPRS :
-        do_gprs(ps, ci, &packet);
+       do_gprs(ps, ci, &packet);
         break;
        case GSM_POWER :
         do_power(ps, ci, &packet);
index 6924036..e6f7544 100644 (file)
@@ -159,7 +159,14 @@ int packed_S32(unsigned char* bytearray)
 
     if (!p) return 0;
 
-    for(i = sizeof(int); i >= 0; i--) rc = rc | p[i] << i*8;
+    for(i = sizeof(int); i >= 0; i--) {
+           if(p[i] < 0 || p[i] > 255){
+                   return 0;
+           }
+           else{
+                   rc = rc | p[i] << i*8;
+           }
+    }
 
     return rc;
 }
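Review bot: The loop still starts at `i = sizeof(int)`, so with a 32-bit `int` it reads `p[4]`, one byte past the four-byte value, and shifts it by `i*8 == 32`, which is undefined behaviour. The added range test does not help: if `p` is an `unsigned char *` like `bytearray` (its declaration is outside the hunk), `p[i] < 0 || p[i] > 255` can never be true. Starting one lower and shifting an unsigned value fixes both problems: `for (i = (int)sizeof(int) - 1; i >= 0; i--) rc |= (int)((unsigned int)p[i] << (i * 8));`. Returning 0 on error also makes a failure indistinguishable from a packed zero, which matters for the `clientid == 0` check added in client.c.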
index bcbf1fc..fde4a55 100644 (file)
@@ -350,7 +350,7 @@ static void cast_call_incomming(unsigned char call_id)
 
 int server_tx_call_incoming_noti( LXT_MESSAGE * packet ) //¸ÁÀÔÀå¿¡¼± outgoing call.
 {
-       int num_len = 0, ret = 0;
+       int num_len = 0, ret = 0, tmp = 0;
        char number[MAX_GSM_DIALED_DIGITS_NUMBER];
        char *p, data[8 + MAX_GSM_DIALED_DIGITS_NUMBER];
        unsigned char ss_present_indi ;
@@ -411,7 +411,12 @@ int server_tx_call_incoming_noti( LXT_MESSAGE * packet ) //
        }
        else
        {
-               num_len = p[3];
+               tmp = (int)p[3];
+               if(tmp < 0 || tmp > 254){
+                       TRACE(MSGL_VGSM_INFO, "ERROR!! Invalid value of packet.data.\n");
+                       return -1;
+               }
+               num_len = tmp;
                memcpy(number, &p[7], num_len);
                log_msg(MSGL_VGSM_INFO,"  call num len %d  \n", num_len);
                ss_present_indi = 0;
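Review bot: The limit of 254 is unrelated to the destination of the `memcpy` that follows. `number` is declared as `char number[MAX_GSM_DIALED_DIGITS_NUMBER]`, so if that macro is smaller than 254 (its value is not visible here) an accepted `num_len` can still overflow the stack buffer. Bounding by the buffer itself is safer, `if (tmp < 0 || (size_t)tmp > sizeof(number))` (use `>=` if later code NUL-terminates `number`), and the packet must also be known to hold `7 + num_len` bytes before `&p[7]` is read. Because `p` is a plain `char *`, a length byte of 128 or more may read as negative where `char` is signed; `tmp = (unsigned char)p[3];` makes the behaviour the same on every platform.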
index 306a8a9..64a2682 100644 (file)
@@ -48,15 +48,19 @@ int server_tx_net_plmn_list_noti(LXT_MESSAGE const* packet)
        VGSM_DEBUG("\n");
 
        unsigned char *data = 0;
-       int ret = 0, len = 0;
+       int ret = 0, len = 0, tmp;
 
        unsigned char *ptr = (unsigned char *)packet->data;
        int i = 0;
 
-       len = 1+(ptr[0]*8);
-       data = malloc(sizeof(unsigned char)*len);
-       if(!data)
+       tmp = (int)ptr[0];
+       if(tmp < 0 || tmp > 254){
+               TRACE(MSGL_VGSM_INFO, "ERROR!! Invalid value of packet.data.\n");
                return -1;
+       }
+
+       len = 1 + (tmp * 8);
+       data = malloc(sizeof(unsigned char)*len);
 
        for(i=0; i<len; ++i)
            data[i] = ptr[i];
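Review bot: The rewrite drops the `if(!data) return -1;` check that used to follow `malloc`, so an allocation failure now reaches `data[i] = ptr[i]` with a NULL pointer; restore it directly after the `malloc` line. The new test is also weaker than it looks: `ptr[0]` is an `unsigned char`, so `tmp < 0` is never true and only the value 255 is rejected. The copy loop then reads `1 + tmp * 8` bytes from `packet->data` without comparing that to the received length. Adding `if (len > packet->length) return -1;` before the allocation would bound the read, assuming `LXT_MESSAGE` carries the `length` field seen in client.c. The function continues past the end of this hunk.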