dlt_common: Fix buffer overflow in dlt_buffer_get (#215)

A DLT lib user can create a message large enough that dlt_user.resend_buffer is not large enough, and thus it will overflow Signed-off-by: Ricardo Leite <rleite@dcc.fc.up.pt>
author: Ricardo Leite <nespacontrib@gmail.com> 2020-03-30 07:13:04 +0100
committer: GitHub <noreply@github.com> 2020-03-30 15:13:04 +0900
commit: e420ee62d89d5efab6ad7275910cb3eec8497da6 (patch)
tree: 7edb2dae9c36f446e6b7505c894524448f3d4423
parent: 624ea834dcfd727abee1b715c90e9185f8bd617a (diff)
download: DLT-daemon-e420ee62d89d5efab6ad7275910cb3eec8497da6.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
index c577249..74c2b90 100644
--- a/src/shared/dlt_common.c
+++ b/src/shared/dlt_common.c
@@ -2643,11 +2643,13 @@ int dlt_buffer_get(DltBuffer *buf, unsigned char *data, int max_size, int delete
     }
 
     /* third check size */
-    if (max_size && (head.size > max_size))
+    if (max_size && (head.size > max_size)) {
         dlt_vlog(LOG_WARNING,
                  "%s: Buffer: Max size is smaller than read header size. Max size: %d\n",
                  __func__, max_size);
-        /* nothing to do but data does not fit provided buffer */
+        /* prevent buffer overflow on dlt_buffer_read_block */
+        return DLT_RETURN_ERROR; /* ERROR */
+    }
 
 
     if ((data != NULL) && max_size) {
author	Ricardo Leite <nespacontrib@gmail.com>	2020-03-30 07:13:04 +0100
committer	GitHub <noreply@github.com>	2020-03-30 15:13:04 +0900
commit	e420ee62d89d5efab6ad7275910cb3eec8497da6 (patch)
tree	7edb2dae9c36f446e6b7505c894524448f3d4423
parent	624ea834dcfd727abee1b715c90e9185f8bd617a (diff)
download	DLT-daemon-e420ee62d89d5efab6ad7275910cb3eec8497da6.tar.gz