diff options
author | Joel Fischer <joeljfischer@gmail.com> | 2019-05-31 13:48:18 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-05-31 13:48:18 -0400 |
commit | 8ce276c6cb20bfbf253848e5d9c1de623d4a1ac1 (patch) | |
tree | a323b2babd499d36bf53c7dc957f447282537765 | |
parent | 3425890a5b3f226e81eb31a88ccdf40e341fa39b (diff) | |
parent | 87f6a919f158237dc18c2e11caed23b1eb947805 (diff) | |
download | sdl_ios-8ce276c6cb20bfbf253848e5d9c1de623d4a1ac1.tar.gz |
Merge pull request #1287 from smartdevicelink/feature/issue_1285_prevent_buffer_overruns
Prevent Buffer Overruns
9 files changed, 46 insertions, 9 deletions
diff --git a/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m b/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m index be5460bb4..2dd186b1f 100644 --- a/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m +++ b/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m @@ -65,7 +65,11 @@ NS_ASSUME_NONNULL_BEGIN } - (void)sdl_parse:(NSData *)data { - BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes); + BsonObject payloadObject; + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.mtu = bson_object_get_int64(&payloadObject, SDLControlFrameMTUKey); diff --git a/SmartDeviceLink/SDLControlFramePayloadEndService.m b/SmartDeviceLink/SDLControlFramePayloadEndService.m index 372400e7d..cabfb09df 100644 --- a/SmartDeviceLink/SDLControlFramePayloadEndService.m +++ b/SmartDeviceLink/SDLControlFramePayloadEndService.m @@ -65,7 +65,11 @@ NS_ASSUME_NONNULL_BEGIN } - (void)sdl_parse:(NSData *)data { - BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes); + BsonObject payloadObject; + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.hashId = bson_object_get_int32(&payloadObject, SDLControlFrameHashIdKey); diff --git a/SmartDeviceLink/SDLControlFramePayloadNak.m b/SmartDeviceLink/SDLControlFramePayloadNak.m index 15f5c517c..55b9a6dad 100644 --- a/SmartDeviceLink/SDLControlFramePayloadNak.m +++ b/SmartDeviceLink/SDLControlFramePayloadNak.m @@ -70,7 +70,12 @@ NS_ASSUME_NONNULL_BEGIN } - (void)sdl_parse:(NSData *)data { - BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes); + BsonObject payloadObject; + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } + BsonArray *arrayObject = bson_object_get_array(&payloadObject, SDLControlFrameRejectedParams); if (arrayObject == NULL) { return; diff --git a/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m b/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m index d943d6a47..6409884d0 100644 --- a/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m +++ b/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m @@ -64,7 +64,11 @@ NS_ASSUME_NONNULL_BEGIN } - (void)sdl_parse:(NSData *)data { - BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes); + BsonObject payloadObject; + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } char *utf8String = bson_object_get_string(&payloadObject, SDLControlFrameProtocolVersionKey); if (utf8String != NULL) { diff --git a/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m b/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m index b9e54d9a3..e6afae672 100644 --- a/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m +++ b/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m @@ -114,7 +114,11 @@ NS_ASSUME_NONNULL_BEGIN } - (void)sdl_parse:(NSData *)data { - BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes); + BsonObject payloadObject; + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.hashId = bson_object_get_int32(&payloadObject, SDLControlFrameHashIdKey); self.mtu = bson_object_get_int64(&payloadObject, SDLControlFrameMTUKey); diff --git a/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m b/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m index 570d41fa5..600fd1b61 100644 --- a/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m +++ b/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m @@ -64,7 +64,11 @@ NS_ASSUME_NONNULL_BEGIN } - (void)sdl_parse:(NSData *)data { - BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes); + BsonObject payloadObject; + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } char *reasonString = bson_object_get_string(&payloadObject, SDLControlFrameReasonKey); if (reasonString != NULL) { diff --git a/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m b/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m index daaf3f13c..24b49ccec 100644 --- a/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m +++ b/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m @@ -80,7 +80,11 @@ NS_ASSUME_NONNULL_BEGIN } - (void)sdl_parse:(NSData *)data { - BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes); + BsonObject payloadObject; + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } char *utf8String = bson_object_get_string(&payloadObject, SDLControlFrameTCPIPAddressKey); if (utf8String != NULL) { diff --git a/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m b/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m index d33698ebb..d8dc841be 100644 --- a/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m +++ b/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m @@ -87,7 +87,11 @@ NS_ASSUME_NONNULL_BEGIN } - (void)sdl_parse:(NSData *)data { - BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes); + BsonObject payloadObject; + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.height = bson_object_get_int32(&payloadObject, SDLControlFrameHeightKey); self.width = bson_object_get_int32(&payloadObject, SDLControlFrameWidthKey); diff --git a/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m b/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m index d690d6690..7f071df50 100644 --- a/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m +++ b/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m @@ -93,7 +93,11 @@ } - (void)sdl_parse:(NSData *)data { - BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes); + BsonObject payloadObject; + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.mtu = bson_object_get_int64(&payloadObject, SDLControlFrameMTUKey); self.height = bson_object_get_int32(&payloadObject, SDLControlFrameHeightKey); |