sfp: buffer overflow in csp_sfp_send_own_memcpy
Closed this issue · 1 comments
dimitrovand commented
Passing MTU > (CSP_BUFFER_SIZE - sizeof(sfp_header_t)) can lead to a buffer overflow when data is copied into packet->data. The only way to prevent such a scenario is to use your own memcpy function which checks if the size to be copied is valid. The issue is caused by csp_buffer_get(...) no longer checking its input parameters.
dimitrovand commented
Just saw PR #503
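The bound described in the report, as an added example that is not part of the original issue and is not libcsp code: a self-contained model of an SFP-style fragmenter that rejects an MTU larger than `CSP_BUFFER_SIZE - sizeof(sfp_header_t)` before any copy into the packet data. The `demo_*` names, the 256-byte buffer size, the header fields and the payload-then-header layout are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the names in the issue; the values are constructed for this example. */
#define CSP_BUFFER_SIZE 256u
typedef struct { uint32_t offset; uint32_t totalsize; } sfp_header_t;
/* Hypothetical packet model: data[] holds the payload followed by the header. */
typedef struct { uint16_t length; uint8_t data[CSP_BUFFER_SIZE]; } demo_packet_t;
/* Largest payload that still leaves room for the header in data[]. */
#define SFP_MAX_PAYLOAD (CSP_BUFFER_SIZE - sizeof(sfp_header_t))

/* Fill one fragment. Returns payload bytes copied, or -1 if the request is invalid. */
int demo_sfp_fill(demo_packet_t *pkt, const uint8_t *src, size_t total,
                  size_t offset, size_t mtu)
{
    if (pkt == NULL || src == NULL || offset > total ||
        mtu == 0 || mtu > SFP_MAX_PAYLOAD)
        return -1;                          /* the check the report says is missing */
    size_t chunk = total - offset;
    if (chunk > mtu) chunk = mtu;           /* chunk <= SFP_MAX_PAYLOAD from here on */
    memcpy(pkt->data, src + offset, chunk);
    sfp_header_t hdr = { (uint32_t)offset, (uint32_t)total };
    memcpy(pkt->data + chunk, &hdr, sizeof hdr);
    pkt->length = (uint16_t)(chunk + sizeof hdr);
    return (int)chunk;
}

/* Fragment a whole message. Returns the fragment count, or -1 on a rejected MTU. */
int demo_sfp_send(const uint8_t *src, size_t total, size_t mtu)
{
    demo_packet_t pkt;
    int count = 0;
    for (size_t off = 0; off < total; ) {
        int n = demo_sfp_fill(&pkt, src, total, off, mtu);
        if (n < 0) return -1;
        off += (size_t)n;
        count++;
    }
    return count;
}

int main(void)
{
    static const uint8_t msg[1000] = {0};   /* constructed sample message */
    printf("mtu=%zu -> %d\n", (size_t)SFP_MAX_PAYLOAD, demo_sfp_send(msg, sizeof msg, SFP_MAX_PAYLOAD));
    printf("mtu=%zu -> %d\n", (size_t)SFP_MAX_PAYLOAD + 1, demo_sfp_send(msg, sizeof msg, SFP_MAX_PAYLOAD + 1));
    return 0;
}
```

Validating the MTU once at the entry point keeps every later copy inside the buffer, so the caller does not have to supply a size-checking memcpy of its own.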