authorMichael West <michael.west@ettus.com>2013-10-28 12:38:08 -0700
committerMichael West <michael.west@ettus.com>2013-10-28 12:38:08 -0700
commitf806f6a8031a7f9cf5eacbe858bfa8aa95d21dd4 (patch)
treecc6d4db065b0bd48705d2887d69739ec6e4eaddc
parent2441206b580b86405eb50416f98a80578d1bf03c (diff)
CID 1104329: Fixed untrusted loop bound.
CID 1104327: Fixed untrusted value as argument.
-rw-r--r--host/lib/usrp/common/fx2_ctrl.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/host/lib/usrp/common/fx2_ctrl.cpp b/host/lib/usrp/common/fx2_ctrl.cpp
index 6111efea9..1cacc45cf 100644
--- a/host/lib/usrp/common/fx2_ctrl.cpp
+++ b/host/lib/usrp/common/fx2_ctrl.cpp
@@ -119,6 +119,9 @@ bool parse_record(std::string *record, unsigned int &len,
std::istringstream(record->substr(3, 4)) >> std::hex >> addr;
std::istringstream(record->substr(7, 2)) >> std::hex >> type;
+ if (len >2 * (record->length() - 9)) // sanity check to prevent buffer overrun
+ return false;
+
for (i = 0; i < len; i++) {
std::istringstream(record->substr(9 + 2 * i, 2)) >> std::hex >> val;
data[i] = (unsigned char) val;
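Review bot: The bound in `if (len >2 * (record->length() - 9))` is four times too loose to keep the loop below inside the record. Each data byte consumes two hex characters starting at offset 9, so the limit should be `(record->length() - 9) / 2`. `record->length() - 9` is also unsigned, so a record shorter than 9 characters wraps to a very large value and the check passes. Suggest `if (record->length() < 9 || len > (record->length() - 9) / 2) return false;`, with the length test ahead of the header `substr` calls, which currently run first. The check also does not bound `len` against the capacity of `data`, which is declared outside this hunk (parse_record starts and ends outside it), so the `data[i]` write needs confirming against that size separately.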
@@ -181,6 +184,9 @@ public:
std::string record;
file >> record;
+ if (!record.length() > 0)
+ continue;
+
//check for valid record
if (not checksum(&record) or not parse_record(&record, len, addr, type, data)) {
throw uhd::io_error("usrp_load_firmware: bad record checksum");
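Review bot: `if (!record.length() > 0)` parses as `(!record.length()) > 0`, which is true only for an empty string but reads like the opposite test and draws logical-not precedence warnings from compilers; write `if (record.empty()) continue;` instead. The enclosing loop header is outside the hunk: if it tests only for EOF, a read that fails without reaching EOF would leave `record` empty on every pass and this `continue` would never terminate, so the loop condition should also stop on a failed stream. Separately, the throw below reports "bad record checksum" even when it is `parse_record` that rejected the record, which will mislead anyone triaging a malformed firmware file.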