Check packet header length

To check whether the packet is valid or not, the packet length should be checked.

Change-Id: I64063aa17c61e6fb43f2ad3f544ca79e44dce665
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>

diff --git a/src/aul_sock.cc b/src/aul_sock.cc
index 1050ca4..681f5d2 100644 (file)
--- a/src/aul_sock.cc
+++ b/src/aul_sock.cc
@@ -283,6 +283,11 @@ int ReceiveAppPacket(ClientSocket* client, app_pkt_t** out_pkt) {
   if (ret < 0)
     return ret;
 
+  if (header.len < 0 || header.len > MAX_PAYLOAD_SIZE) {
+    _E("Invalid packet. length(%d)", header.len);
+    return -ECOMM;
+  }
+
   app_pkt_t* pkt = static_cast<app_pkt_t*>(
       calloc(1, sizeof(app_pkt_t) + header.len));
   if (pkt == nullptr) {