From 6bbcf1b5273aacbc9d16f9216b2a7a929e44be10 Mon Sep 17 00:00:00 2001
From: Paul Hollinsky
Date: Fri, 29 Jan 2021 15:47:43 -0500
Subject: [PATCH] Reject CAN frames with length > 8
Previously, they were just truncated. In any case, this is only hit if the userspace daemon gives us more than 8 bytes for CAN, which it shouldn't.
---
 intrepid.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/intrepid.c b/intrepid.c
index 3aa8c5d..cf9039a 100644
--- a/intrepid.c
+++ b/intrepid.c
@@ -471,7 +471,10 @@ static int intrepid_fill_can_frame_from_neomessage(
 if (msg->status.remoteFrame)
 cf->can_id |= CAN_RTR_FLAG;
- cf->can_dlc = get_can_dlc(msg->length);
+ if (unlikely(msg->length > 8))
+ return -1;
+
+ cf->can_dlc = msg->length;
 memcpy(cf->data, data, cf->can_dlc);
 stats->rx_bytes += cf->can_dlc;
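Review bot: The new reject path for `msg->length > 8` returns a bare `-1` without counting or logging the drop, so a daemon that starts handing over oversized lengths leaves no trace in the interface statistics. Since `stats` appears to be in scope (it is used two lines further down), consider `if (unlikely(msg->length > CAN_MAX_DLEN)) { stats->rx_errors++; return -EINVAL; }`, which also replaces the magic 8 with the constant from `linux/can.h`; keep `-1` if a caller outside this hunk compares against that exact value. The function starts and ends outside the hunk, so it is worth confirming that every caller checks the return value and releases any skb already allocated for the frame rather than passing a partly filled `cf` up the stack. The check bounds only the write into `cf->data`; whether `data` actually holds `msg->length` bytes is not visible here and deserves the same scrutiny.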