fix(zwave_rx): Harden zwave_rx_zwapi_callbacks.c

rzr · rzr · commit a8458c7e4fa5 · 2025-09-05T15:43:37.000+02:00
Add extra check to prevent small buffers attacks.

Bug-SiliconLabs: UIC-3672
Relate-to: SLVDBBP-3169959
Signed-off-by: Philippe Coval &lt;philippe.coval@silabs.com&gt;
diff --git a/applications/zpc/components/zwave/zwave_rx/src/zwave_rx_zwapi_callbacks.c b/applications/zpc/components/zwave/zwave_rx/src/zwave_rx_zwapi_callbacks.c
@@ -207,7 +207,9 @@ static void
                                 zwave_node_info_t *destination_node_info)
 {
   if (zwapi_zwave_nif == NULL || destination_node_info == NULL
-      || zwapi_zwave_nif_length == 0) {
+      || zwapi_zwave_nif_length == 0
+      || zwapi_zwave_nif_length <= 3  // For zwave_command_class_list_unpack
+  ) {
     return;
   }
 

Original file line number	Diff line number	Diff line change
`@@ -207,7 +207,9 @@ static void`
`207`	`207`	`zwave_node_info_t *destination_node_info)`
`208`	`208`	`{`
`209`	`209`	`if (zwapi_zwave_nif == NULL \|\| destination_node_info == NULL`
`210`		`- \|\| zwapi_zwave_nif_length == 0) {`
	`210`	`+ \|\| zwapi_zwave_nif_length == 0`
	`211`	`+ \|\| zwapi_zwave_nif_length <= 3 // For zwave_command_class_list_unpack`
	`212`	`+ ) {`
`211`	`213`	`return;`
`212`	`214`	`}`
`213`	`215`