Skip to content

Commit 7af7b6f

Browse files
Bjoerns-TBBjoerns-TB
authored
Fix buffer overflow. (#206)
In C strings are 0-terminated, meaning that after the call to sprintf the char contains { 'a', 'b', '\0' }. This is an array of 3 chars we only reserver memory for 2.
1 parent 06926af commit 7af7b6f

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

src/LoRaWan.cpp

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -298,7 +298,7 @@ bool LoRaWanClass::transferPacket(char *buffer, unsigned char timeout)
298298

299299
bool LoRaWanClass::transferPacket(unsigned char *buffer, unsigned char length, unsigned char timeout)
300300
{
301-
char temp[2] = {0};
301+
char temp[3] = {0};
302302

303303
while(SerialLoRa.available())SerialLoRa.read();
304304

@@ -383,7 +383,7 @@ bool LoRaWanClass::transferPacketWithConfirmed(char *buffer, unsigned char timeo
383383

384384
bool LoRaWanClass::transferPacketWithConfirmed(unsigned char *buffer, unsigned char length, unsigned char timeout)
385385
{
386-
char temp[2] = {0};
386+
char temp[3] = {0};
387387
int i;
388388
unsigned char *ptr;
389389

@@ -431,7 +431,7 @@ short LoRaWanClass::receivePacket(char *buffer, short length, short *rssi)
431431
ptr += 5;
432432
for(short i = 0; ; i ++)
433433
{
434-
char temp[2] = {0, 0};
434+
char temp[3] = {0, 0};
435435
unsigned char tmp = '?', result = 0;
436436

437437
temp[0] = *(ptr + i * 3);
@@ -473,7 +473,7 @@ short LoRaWanClass::receivePacket(char *buffer, short length, short *rssi)
473473
ptr += 9;
474474
for(short i = 0; ; i ++)
475475
{
476-
char temp[2] = {0};
476+
char temp[3] = {0};
477477
unsigned char tmp = '?', result = 0;
478478

479479
temp[0] = *(ptr + i * 3);
@@ -527,7 +527,7 @@ bool LoRaWanClass::transferProprietaryPacket(char *buffer, unsigned char timeout
527527

528528
bool LoRaWanClass::transferProprietaryPacket(unsigned char *buffer, unsigned char length, unsigned char timeout)
529529
{
530-
char temp[2] = {0};
530+
char temp[3] = {0};
531531

532532
while(SerialLoRa.available())SerialLoRa.read();
533533

@@ -822,7 +822,7 @@ void LoRaWanClass::transferPacketP2PMode(char *buffer)
822822

823823
void LoRaWanClass::transferPacketP2PMode(unsigned char *buffer, unsigned char length)
824824
{
825-
char temp[2] = {0};
825+
char temp[3] = {0};
826826

827827
sendCommand("AT+TEST=TXLRPKT,\"");
828828
for(int i = 0; i < length; i ++)
@@ -858,7 +858,7 @@ short LoRaWanClass::receivePacketP2PMode(unsigned char *buffer, short length, sh
858858
ptr += 4;
859859
for(short i = 0; i < number; i ++)
860860
{
861-
char temp[2] = {0};
861+
char temp[3] = {0};
862862
unsigned char tmp='?', result = 0;
863863

864864
temp[0] = *(ptr + i * 2);

0 commit comments

Comments
 (0)