Fix bad logic parsing XID parameters
This commit is contained in:
XANTRONIX Development
XANTRONIX Industrial
parent
b34cffc0f3
commit
708d347e14
1 changed files with 5 additions and 5 deletions
10
src/frame.c
10
src/frame.c
|
|
@ -278,8 +278,8 @@ ssize_t patty_ax25_frame_decode_xid(patty_ax25_frame_xid_callback callback,
|
|||
void *ctx) {
|
||||
size_t start = offset;
|
||||
|
||||
patty_ax25_frame_xid_element *elem = ((patty_ax25_frame_xid_element *)
|
||||
(uint8_t *)data + offset);
|
||||
patty_ax25_frame_xid_element *elem = (patty_ax25_frame_xid_element *)
|
||||
((uint8_t *)data + offset);
|
||||
|
||||
if (elem->format != 0x82 || elem->group != 0x80) {
|
||||
errno = EIO;
|
||||
|
|
@ -287,7 +287,7 @@ ssize_t patty_ax25_frame_decode_xid(patty_ax25_frame_xid_callback callback,
|
|||
goto error;
|
||||
}
|
||||
|
||||
if (be16toh(elem->len) != len - offset) {
|
||||
if (be16toh(elem->len) != len - sizeof(*elem) - offset) {
|
||||
errno = EIO;
|
||||
|
||||
goto error;
|
||||
|
|
@ -295,7 +295,7 @@ ssize_t patty_ax25_frame_decode_xid(patty_ax25_frame_xid_callback callback,
|
|||
|
||||
offset += sizeof(*elem);
|
||||
|
||||
while (offset < start + len) {
|
||||
while (offset < len) {
|
||||
patty_ax25_frame_xid_param *param = (patty_ax25_frame_xid_param *)
|
||||
((uint8_t *)data + offset);
|
||||
|
||||
|
|
@ -309,7 +309,7 @@ ssize_t patty_ax25_frame_decode_xid(patty_ax25_frame_xid_callback callback,
|
|||
offset += sizeof(*param) + param->len;
|
||||
}
|
||||
|
||||
if (offset != start + len) {
|
||||
if (offset != len) {
|
||||
errno = EIO;
|
||||
|
||||
goto error;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue