sfp: buffer overflow in csp_sfp_send_own_memcpy

Question

sfp: buffer overflow in csp_sfp_send_own_memcpy

Closed this issue a month ago · 1 comments

Passing MTU > (CSP_BUFFER_SIZE - sizeof(sfp_header_t)) can lead to a buffer overflow when data is copied into packet->data. The only way to prevent such a scenario is to use your own memcpy function which checks if the size to be copied is valid. The issue is caused by csp_buffer_get(...) no longer checking its input parameters.

Answer 1 · 2024-05-29T07:44:57.000Z

Just saw PR #503