KB8PMY
/
xlxd
mirror of https://github.com/LX3JL/xlxd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix 1 byte buffer overflow in AMBE handling

Browse Source
pull/190/head
iamsi 5 years ago
parent 73516e9f14
commit 1ffcee24ca
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File

2
src/cdmrmmdvmprotocol.cpp
Unescape View File

@ -739,7 +739,7 @@ bool CDmrmmdvmProtocol::IsValidDvFramePacket(const CBuffer &Buffer, CDvFramePack
memcpy(dmr3ambe, dmrframe, 14); memcpy(dmr3ambe, dmrframe, 14);
dmr3ambe[13] &= 0xF0; dmr3ambe[13] &= 0xF0;
dmr3ambe[13] |= (dmrframe[19] & 0x0F); dmr3ambe[13] |= (dmrframe[19] & 0x0F);
memcpy(&dmr3ambe[14], &dmrframe[20], 14); memcpy(&dmr3ambe[14], &dmrframe[20], 13);
// extract sync // extract sync
dmrsync[0] = dmrframe[13] & 0x0F; dmrsync[0] = dmrframe[13] & 0x0F;
::memcpy(&dmrsync[1], &dmrframe[14], 5); ::memcpy(&dmrsync[1], &dmrframe[14], 5);

2
src/cdmrplusprotocol.cpp
Unescape View File

@ -521,7 +521,7 @@ bool CDmrplusProtocol::IsValidDvFramePacket(const CIp &Ip, const CBuffer &Buffer
memcpy(dmr3ambe, dmrframe, 14); memcpy(dmr3ambe, dmrframe, 14);
dmr3ambe[13] &= 0xF0; dmr3ambe[13] &= 0xF0;
dmr3ambe[13] |= (dmrframe[19] & 0x0F); dmr3ambe[13] |= (dmrframe[19] & 0x0F);
memcpy(&dmr3ambe[14], &dmrframe[20], 14); memcpy(&dmr3ambe[14], &dmrframe[20], 13);
// extract sync // extract sync
dmrsync[0] = dmrframe[13] & 0x0F; dmrsync[0] = dmrframe[13] & 0x0F;
::memcpy(&dmrsync[1], &dmrframe[14], 5); ::memcpy(&dmrsync[1], &dmrframe[14], 5);

Write Preview
Loading…
Cancel
Save

Powered by TurnKey Linux.