Skip to content

Commit

Permalink
Fix overflow on 0x8032 command
Browse files Browse the repository at this point in the history
  • Loading branch information
@fairecasoimeme
fairecasoimeme committed May 24, 2021
1 parent 956abf2 commit 4d4f5cb
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion ...K/SDKPackages/JN5189DK6/middleware/wireless/zigbee/ZigbeeCommon/Source/appZdpExtraction.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1568,6 +1568,7 @@ PUBLIC bool_t zps_bAplZdpUnpackMgmtRtgResponse(ZPS_tsAfEvent *psZdoServerEvent ,
uint8 u8SeqNum;
uint32 u32Location = 0;
uint32 u32LoopCounter;
uint32 tmpMaxLoop=0;

PDUM_thAPduInstance hAPduInst = psZdoServerEvent->uEvent.sApsDataIndEvent.hAPduInst;
uint16 u16ClusterId = psZdoServerEvent->uEvent.sApsDataIndEvent.u16ClusterId;
Expand All @@ -1585,9 +1586,16 @@ PUBLIC bool_t zps_bAplZdpUnpackMgmtRtgResponse(ZPS_tsAfEvent *psZdoServerEvent ,
psReturnStruct->uZdpData.sRtgRsp.u8StartIndex = (( pdum_tsAPduInstance* )hAPduInst )->au8Storage[ u32Location++ ];
psReturnStruct->uZdpData.sRtgRsp.u8RoutingTableCount = (( pdum_tsAPduInstance* )hAPduInst )->au8Storage[ u32Location++ ];

if (psReturnStruct->uZdpData.sRtgRsp.u8RoutingTableEntries > ZPS_APL_ZDP_MAX_NUM_MGMT_RTG_RSP_ROUTE_TABLE_ENTRIES)
{
tmpMaxLoop=ZPS_APL_ZDP_MAX_NUM_MGMT_RTG_RSP_ROUTE_TABLE_ENTRIES;
}else{
tmpMaxLoop=psReturnStruct->uZdpData.sRtgRsp.u8RoutingTableEntries;
}

if(ZPS_E_SUCCESS == psReturnStruct->uZdpData.sRtgRsp.u8Status)
{
for(u32LoopCounter = 0 ; u32LoopCounter < psReturnStruct->uZdpData.sRtgRsp.u8RoutingTableEntries ; u32LoopCounter++)
for(u32LoopCounter = 0 ; u32LoopCounter < tmpMaxLoop ; u32LoopCounter++)
{
APDU_BUF_READ16_INC( psReturnStruct->uZdpData.sRtgRsp.asRoutingTableList[ u32LoopCounter].u16NwkDstAddr,hAPduInst , u32Location);
psReturnStruct->uZdpData.sRtgRsp.asRoutingTableList[ u32LoopCounter].u8Flags = (( pdum_tsAPduInstance* )hAPduInst )->au8Storage[ u32Location++ ];
Expand Down

0 comments on commit 4d4f5cb

Please sign in to comment.