diff options
author | Joel Fischer <joeljfischer@gmail.com> | 2019-05-31 09:41:55 -0400 |
---|---|---|
committer | Joel Fischer <joeljfischer@gmail.com> | 2019-05-31 09:41:55 -0400 |
commit | 87f6a919f158237dc18c2e11caed23b1eb947805 (patch) | |
tree | b7b637606ea0ee337a18260c3926c68c157b7456 | |
parent | ea18212f1ebfaf2e1a4f24590769fb421f9b4a2f (diff) | |
download | sdl_ios-feature/issue_1285_prevent_buffer_overruns.tar.gz |
Fix using uninitialized objects on pre protocol v5 head unitsfeature/issue_1285_prevent_buffer_overruns
9 files changed, 36 insertions, 9 deletions
diff --git a/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m b/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m index d28524f81..2dd186b1f 100644 --- a/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m +++ b/SmartDeviceLink/SDLControlFramePayloadAudioStartServiceAck.m @@ -66,7 +66,10 @@ NS_ASSUME_NONNULL_BEGIN - (void)sdl_parse:(NSData *)data { BsonObject payloadObject; - bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.mtu = bson_object_get_int64(&payloadObject, SDLControlFrameMTUKey); diff --git a/SmartDeviceLink/SDLControlFramePayloadEndService.m b/SmartDeviceLink/SDLControlFramePayloadEndService.m index d7e9aef48..cabfb09df 100644 --- a/SmartDeviceLink/SDLControlFramePayloadEndService.m +++ b/SmartDeviceLink/SDLControlFramePayloadEndService.m @@ -66,7 +66,10 @@ NS_ASSUME_NONNULL_BEGIN - (void)sdl_parse:(NSData *)data { BsonObject payloadObject; - bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.hashId = bson_object_get_int32(&payloadObject, SDLControlFrameHashIdKey); diff --git a/SmartDeviceLink/SDLControlFramePayloadNak.m b/SmartDeviceLink/SDLControlFramePayloadNak.m index eefda10e6..55b9a6dad 100644 --- a/SmartDeviceLink/SDLControlFramePayloadNak.m +++ b/SmartDeviceLink/SDLControlFramePayloadNak.m @@ -71,7 +71,10 @@ NS_ASSUME_NONNULL_BEGIN - (void)sdl_parse:(NSData *)data { BsonObject payloadObject; - bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } BsonArray *arrayObject = bson_object_get_array(&payloadObject, SDLControlFrameRejectedParams); if (arrayObject == NULL) { diff --git a/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m b/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m index ea4fe6f25..6409884d0 100644 --- a/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m +++ b/SmartDeviceLink/SDLControlFramePayloadRPCStartService.m @@ -65,7 +65,10 @@ NS_ASSUME_NONNULL_BEGIN - (void)sdl_parse:(NSData *)data { BsonObject payloadObject; - bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } char *utf8String = bson_object_get_string(&payloadObject, SDLControlFrameProtocolVersionKey); if (utf8String != NULL) { diff --git a/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m b/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m index 996f2f172..e6afae672 100644 --- a/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m +++ b/SmartDeviceLink/SDLControlFramePayloadRPCStartServiceAck.m @@ -115,7 +115,10 @@ NS_ASSUME_NONNULL_BEGIN - (void)sdl_parse:(NSData *)data { BsonObject payloadObject; - bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.hashId = bson_object_get_int32(&payloadObject, SDLControlFrameHashIdKey); self.mtu = bson_object_get_int64(&payloadObject, SDLControlFrameMTUKey); diff --git a/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m b/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m index aeca26258..600fd1b61 100644 --- a/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m +++ b/SmartDeviceLink/SDLControlFramePayloadRegisterSecondaryTransportNak.m @@ -65,7 +65,10 @@ NS_ASSUME_NONNULL_BEGIN - (void)sdl_parse:(NSData *)data { BsonObject payloadObject; - bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } char *reasonString = bson_object_get_string(&payloadObject, SDLControlFrameReasonKey); if (reasonString != NULL) { diff --git a/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m b/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m index ed76a1c7f..24b49ccec 100644 --- a/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m +++ b/SmartDeviceLink/SDLControlFramePayloadTransportEventUpdate.m @@ -81,7 +81,10 @@ NS_ASSUME_NONNULL_BEGIN - (void)sdl_parse:(NSData *)data { BsonObject payloadObject; - bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } char *utf8String = bson_object_get_string(&payloadObject, SDLControlFrameTCPIPAddressKey); if (utf8String != NULL) { diff --git a/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m b/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m index 24820cf43..d8dc841be 100644 --- a/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m +++ b/SmartDeviceLink/SDLControlFramePayloadVideoStartService.m @@ -88,7 +88,10 @@ NS_ASSUME_NONNULL_BEGIN - (void)sdl_parse:(NSData *)data { BsonObject payloadObject; - bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.height = bson_object_get_int32(&payloadObject, SDLControlFrameHeightKey); self.width = bson_object_get_int32(&payloadObject, SDLControlFrameWidthKey); diff --git a/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m b/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m index 23891ce24..7f071df50 100644 --- a/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m +++ b/SmartDeviceLink/SDLControlFramePayloadVideoStartServiceAck.m @@ -94,7 +94,10 @@ - (void)sdl_parse:(NSData *)data { BsonObject payloadObject; - bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + size_t retval = bson_object_from_bytes_len(&payloadObject, (BytePtr)data.bytes, data.length); + if (retval <= 0) { + return; + } self.mtu = bson_object_get_int64(&payloadObject, SDLControlFrameMTUKey); self.height = bson_object_get_int32(&payloadObject, SDLControlFrameHeightKey); |