[nrf toup] packet: Fix heap corruption

While parsing the packet all TLV's are NULl terminated explicitly, so, take in to account the NULL terminating byte while memory allocation. Else, this overrides other memory causing hard to debug heap corruptions. Fixes SHEL-2754. Signed-off-by: Chaitanya Tata <[email protected]>
nrfconnect · May 28, 2024 · 28cb907 · 28cb907
1 parent 9f75760
commit 28cb907
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/indigo_packet.c b/indigo_packet.c
@@ -232,7 +232,7 @@ int parse_tlv(struct tlv_hdr *tlv, char *packet, size_t packet_len) {
 
     tlv->id = ((packet[0] & 0x00ff) << 8) | (packet[1] & 0x00ff);
     tlv->len = packet[2];
-    tlv->value = (char*)malloc(sizeof(char) * tlv->len);
+    tlv->value = (char*)malloc((sizeof(char) * tlv->len) + 1);
     if (!tlv->value) {
         indigo_logger(LOG_LEVEL_ERROR, "Failed to allocate memory for TLV value: %d", tlv->len);
         return -1;