net: mqtt: Improve buffer bounds validation in mqtt_read_message_chunk
Verify more strictly that data read from the transport fits into RX buffer. Switch to unsigned integers, where possible, to prevent unnecessary signed/unsigned operations. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit is contained in:
parent
1ad165a62d
commit
6110a7cb63
1 changed files with 9 additions and 6 deletions
|
@ -146,20 +146,23 @@ static int mqtt_handle_packet(struct mqtt_client *client,
|
|||
static int mqtt_read_message_chunk(struct mqtt_client *client,
|
||||
struct buf_ctx *buf, u32_t length)
|
||||
{
|
||||
int remaining;
|
||||
u32_t remaining;
|
||||
int len;
|
||||
|
||||
/* In case all data requested has already been buffered, return. */
|
||||
if (length <= (buf->end - buf->cur)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Calculate how much data we need to read from the transport,
|
||||
* given the already buffered data.
|
||||
*/
|
||||
remaining = length - (buf->end - buf->cur);
|
||||
if (remaining <= 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Check if read does not exceed the buffer. */
|
||||
if (buf->end + remaining > client->rx_buf + client->rx_buf_size) {
|
||||
MQTT_ERR("[CID %p]: Buffer too small to receive the message",
|
||||
if ((buf->end + remaining > client->rx_buf + client->rx_buf_size) ||
|
||||
(buf->end + remaining < client->rx_buf)) {
|
||||
MQTT_ERR("[CID %p]: Read would exceed RX buffer bounds.",
|
||||
client);
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue