-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix packetbuffer handling in UDPEndPointImplOpenThread. (#18851)
What the code was doing was: 1. Allocate a buffer of size msgLen. 2. Copy sizeof(IPPacketInfo) + msgLen bytes into it. This is a buffer overrun if the packetbuffer was not over-allocated. 3. memmove the contents of the buffer over by sizeof(IPPacketInfo), point Start() at the location the data was moved to. This would fail if the buffer was not even more over-allocated. 4. Read the memory from ((Start() - sizeof(IPPacketInfo) & ~3) (which might _under-run_ the buffer depending on how its allocation is aligned in memory), and which anyway conceptually represents garbage data that the packetbuffer code is well withiin its rights to have overwritten and treat that memory as an IPPacketInfo. 5. Advance Start() by sizeof(IPPacketInfo) to point to the actual data. What the new code does is: 1. Allocate a buffer with msgLen data space and enough reserved space that we can place an aligned IPPacketInfo in the reserved space. 2. Copy the incoming data into the data space. 3. Fill in an IPPacketInfo in the reserved space. 4. Later read the IPPacketInfo from the reserved space.
- Loading branch information
1 parent
606d79d
commit a5d3ad4
Showing
1 changed file
with
32 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters