From 4a9849f115ca7673c225abceca80013641bf045a Mon Sep 17 00:00:00 2001
From: "Gary E. Miller" <gem@rellim.com>
Date: Fri, 18 Jan 2019 16:53:00 -0800
Subject: driver_ubx: Fix ACK and NAK.

They were not checking for long enough buffer input.  They were
not reading the correct buffer locations for the ACK/NACKed ID.
---
 driver_ubx.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

(limited to 'driver_ubx.c')

diff --git a/driver_ubx.c b/driver_ubx.c
index dd004bb8..c74fde7a 100644
--- a/driver_ubx.c
+++ b/driver_ubx.c
@@ -1123,16 +1123,18 @@ gps_mask_t ubx_parse(struct gps_device_t * session, unsigned char *buf,
 
     switch (msgid) {
     case UBX_ACK_ACK:
-	gpsd_log(&session->context->errout, LOG_DATA,
-		 "UBX_ACK_ACK, class: %02x, id: %02x\n",
-		 buf[UBX_CLASS_OFFSET],
-		 buf[UBX_TYPE_OFFSET]);
+        if (2 <= data_len) {
+            gpsd_log(&session->context->errout, LOG_DATA,
+                     "UBX_ACK_ACK, class: %02x, id: %02x\n",
+                     buf[4], buf[5]);
+        }
 	break;
     case UBX_ACK_NAK:
-	gpsd_log(&session->context->errout, LOG_WARN,
-		 "UBX_ACK_NAK, class: %02x, id: %02x\n",
-		 buf[UBX_CLASS_OFFSET],
-		 buf[UBX_TYPE_OFFSET]);
+        if (2 <= data_len) {
+            gpsd_log(&session->context->errout, LOG_WARN,
+                     "UBX_ACK_NAK, class: %02x, id: %02x\n",
+                     buf[4], buf[5]);
+        }
 	break;
 
     case UBX_CFG_PRT:
-- 
cgit v1.2.1