Merge pull request #1287 from smartdevicelink/feature/issue_1285_prevent_buffer_overruns

Prevent Buffer Overruns
author: Joel Fischer <joeljfischer@gmail.com> 2019-05-31 13:48:18 -0400
committer: GitHub <noreply@github.com> 2019-05-31 13:48:18 -0400
commit: 8ce276c6cb20bfbf253848e5d9c1de623d4a1ac1 (patch)
tree: a323b2babd499d36bf53c7dc957f447282537765
parent: 3425890a5b3f226e81eb31a88ccdf40e341fa39b (diff)
parent: 87f6a919f158237dc18c2e11caed23b1eb947805 (diff)
download: sdl_ios-8ce276c6cb20bfbf253848e5d9c1de623d4a1ac1.tar.gz
9 files changed, 46 insertions, 9 deletions
diff --git a/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m b/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m
index be5460bb4..2dd186b1f 100644
--- a/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m
+++ b/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m
@@ -65,7 +65,11 @@ NS_ASSUME_NONNULL_BEGIN
 }
 
 - (void)sdl_parse:(NSData *)data {
-    BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes);
+    BsonObject payloadObject;
+    size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length);
+    if (retval <= 0) {
+        return;
+    }
 
     self.mtu = bson_object_get_int64(&payloadObject, SDLControlFrameMTUKey);
 
diff --git a/SmartDeviceLink/SDLControlFramePayloadEndService.m b/SmartDeviceLink/SDLControlFramePayloadEndService.m
index 372400e7d..cabfb09df 100644
--- a/SmartDeviceLink/SDLControlFramePayloadEndService.m
+++ b/SmartDeviceLink/SDLControlFramePayloadEndService.m
@@ -65,7 +65,11 @@ NS_ASSUME_NONNULL_BEGIN
 }
 
 - (void)sdl_parse:(NSData *)data {
-    BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes);
+    BsonObject payloadObject;
+    size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length);
+    if (retval <= 0) {
+        return;
+    }
 
     self.hashId = bson_object_get_int32(&payloadObject, SDLControlFrameHashIdKey);
 
diff --git a/SmartDeviceLink/SDLControlFramePayloadNak.m b/SmartDeviceLink/SDLControlFramePayloadNak.m
index 15f5c517c..55b9a6dad 100644
--- a/SmartDeviceLink/SDLControlFramePayloadNak.m
+++ b/SmartDeviceLink/SDLControlFramePayloadNak.m
@@ -70,7 +70,12 @@ NS_ASSUME_NONNULL_BEGIN
 }
 
 - (void)sdl_parse:(NSData *)data {
-    BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes);
+    BsonObject payloadObject;
+    size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length);
+    if (retval <= 0) {
+        return;
+    }
+    
     BsonArray *arrayObject = bson_object_get_array(&payloadObject, SDLControlFrameRejectedParams);
     if (arrayObject == NULL) {
         return;
diff --git a/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m b/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m
index d943d6a47..6409884d0 100644
--- a/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m
+++ b/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m
@@ -64,7 +64,11 @@ NS_ASSUME_NONNULL_BEGIN
 }
 
 - (void)sdl_parse:(NSData *)data {
-    BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes);
+    BsonObject payloadObject;
+    size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length);
+    if (retval <= 0) {
+        return;
+    }
 
     char *utf8String = bson_object_get_string(&payloadObject, SDLControlFrameProtocolVersionKey);
     if (utf8String != NULL) {
diff --git a/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m b/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m
index b9e54d9a3..e6afae672 100644
--- a/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m
+++ b/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m
@@ -114,7 +114,11 @@ NS_ASSUME_NONNULL_BEGIN
 }
 
 - (void)sdl_parse:(NSData *)data {
-    BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes);
+    BsonObject payloadObject;
+    size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length);
+    if (retval <= 0) {
+        return;
+    }
 
     self.hashId = bson_object_get_int32(&payloadObject, SDLControlFrameHashIdKey);
     self.mtu = bson_object_get_int64(&payloadObject, SDLControlFrameMTUKey);
diff --git a/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m b/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m
index 570d41fa5..600fd1b61 100644
--- a/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m
+++ b/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m
@@ -64,7 +64,11 @@ NS_ASSUME_NONNULL_BEGIN
 }
 
 - (void)sdl_parse:(NSData *)data {
-    BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes);
+    BsonObject payloadObject;
+    size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length);
+    if (retval <= 0) {
+        return;
+    }
 
     char *reasonString = bson_object_get_string(&payloadObject, SDLControlFrameReasonKey);
     if (reasonString != NULL) {
diff --git a/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m b/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m
index daaf3f13c..24b49ccec 100644
--- a/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m
+++ b/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m
@@ -80,7 +80,11 @@ NS_ASSUME_NONNULL_BEGIN
 }
 
 - (void)sdl_parse:(NSData *)data {
-    BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes);
+    BsonObject payloadObject;
+    size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length);
+    if (retval <= 0) {
+        return;
+    }
 
     char *utf8String = bson_object_get_string(&payloadObject, SDLControlFrameTCPIPAddressKey);
     if (utf8String != NULL) {
diff --git a/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m b/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m
index d33698ebb..d8dc841be 100644
--- a/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m
+++ b/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m
@@ -87,7 +87,11 @@ NS_ASSUME_NONNULL_BEGIN
 }
 
 - (void)sdl_parse:(NSData *)data {
-    BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes);
+    BsonObject payloadObject;
+    size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length);
+    if (retval <= 0) {
+        return;
+    }
 
     self.height = bson_object_get_int32(&payloadObject, SDLControlFrameHeightKey);
     self.width = bson_object_get_int32(&payloadObject, SDLControlFrameWidthKey);
diff --git a/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m b/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m
index d690d6690..7f071df50 100644
--- a/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m
+++ b/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m
@@ -93,7 +93,11 @@
 }
 
 - (void)sdl_parse:(NSData *)data {
-    BsonObject payloadObject = bson_object_from_bytes((BytePtr)data.bytes);
+    BsonObject payloadObject;
+    size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length);
+    if (retval <= 0) {
+        return;
+    }
 
     self.mtu = bson_object_get_int64(&payloadObject, SDLControlFrameMTUKey);
     self.height = bson_object_get_int32(&payloadObject, SDLControlFrameHeightKey);
author	Joel Fischer <joeljfischer@gmail.com>	2019-05-31 13:48:18 -0400
committer	GitHub <noreply@github.com>	2019-05-31 13:48:18 -0400
commit	8ce276c6cb20bfbf253848e5d9c1de623d4a1ac1 (patch)
tree	a323b2babd499d36bf53c7dc957f447282537765
parent	3425890a5b3f226e81eb31a88ccdf40e341fa39b (diff)
parent	87f6a919f158237dc18c2e11caed23b1eb947805 (diff)
download	sdl_ios-8ce276c6cb20bfbf253848e5d9c1de623d4a1ac1.tar.gz