From 15409fde81d520aa109092694cacda4d18793ca9 Mon Sep 17 00:00:00 2001 From: Li Cao Date: Wed, 6 Nov 2024 21:50:19 +0800 Subject: [PATCH] [ncp] fix ncp spinel parsing methods (#2585) This commit fixes a critical issue in NcpSpinel parsing methods. The parsing methods use `uint8_t` as the length of input frame which is not sufficient for large frame like Ip6StreamNet, which could be at most 1000+ bytes. --- src/ncp/ncp_spinel.cpp | 6 +++--- src/ncp/ncp_spinel.hpp | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/ncp/ncp_spinel.cpp b/src/ncp/ncp_spinel.cpp index f8f2c05da13..ed40d54d823 100644 --- a/src/ncp/ncp_spinel.cpp +++ b/src/ncp/ncp_spinel.cpp @@ -723,7 +723,7 @@ otError NcpSpinel::ParseIp6AddressTable(const uint8_t *aBuf, return error; } -otError NcpSpinel::ParseIp6MulticastAddresses(const uint8_t *aBuf, uint8_t aLen, std::vector &aAddressList) +otError NcpSpinel::ParseIp6MulticastAddresses(const uint8_t *aBuf, uint16_t aLen, std::vector &aAddressList) { otError error = OT_ERROR_NONE; ot::Spinel::Decoder decoder; @@ -746,7 +746,7 @@ otError NcpSpinel::ParseIp6MulticastAddresses(const uint8_t *aBuf, uint8_t aLen, return error; } -otError NcpSpinel::ParseIp6StreamNet(const uint8_t *aBuf, uint8_t aLen, const uint8_t *&aData, uint16_t &aDataLen) +otError NcpSpinel::ParseIp6StreamNet(const uint8_t *aBuf, uint16_t aLen, const uint8_t *&aData, uint16_t &aDataLen) { otError error = OT_ERROR_NONE; ot::Spinel::Decoder decoder; @@ -761,7 +761,7 @@ otError NcpSpinel::ParseIp6StreamNet(const uint8_t *aBuf, uint8_t aLen, const ui } otError NcpSpinel::ParseOperationalDatasetTlvs(const uint8_t *aBuf, - uint8_t aLen, + uint16_t aLen, otOperationalDatasetTlvs &aDatasetTlvs) { otError error = OT_ERROR_NONE; diff --git a/src/ncp/ncp_spinel.hpp b/src/ncp/ncp_spinel.hpp index 7b78537b18c..bb79274413b 100644 --- a/src/ncp/ncp_spinel.hpp +++ b/src/ncp/ncp_spinel.hpp @@ -311,9 +311,9 @@ class NcpSpinel : public Netif::Dependencies, public InfraIf::Dependencies otError SendEncodedFrame(void); otError ParseIp6AddressTable(const uint8_t *aBuf, uint16_t aLength, std::vector &aAddressTable); - otError ParseIp6MulticastAddresses(const uint8_t *aBuf, uint8_t aLen, std::vector &aAddressList); - otError ParseIp6StreamNet(const uint8_t *aBuf, uint8_t aLen, const uint8_t *&aData, uint16_t &aDataLen); - otError ParseOperationalDatasetTlvs(const uint8_t *aBuf, uint8_t aLen, otOperationalDatasetTlvs &aDatasetTlvs); + otError ParseIp6MulticastAddresses(const uint8_t *aBuf, uint16_t aLen, std::vector &aAddressList); + otError ParseIp6StreamNet(const uint8_t *aBuf, uint16_t aLen, const uint8_t *&aData, uint16_t &aDataLen); + otError ParseOperationalDatasetTlvs(const uint8_t *aBuf, uint16_t aLen, otOperationalDatasetTlvs &aDatasetTlvs); otError ParseInfraIfIcmp6Nd(const uint8_t *aBuf, uint8_t aLen, uint32_t &aInfraIfIndex,