PowLu/TencentOS-tiny
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update LoRaMac-node to Version 4.4.4,fix Security breach found by Tencent Blade Team please refer to security advisory - CVE-2020-11068

Browse Source 
fix Security breach found by Tencent Blade Team please refer to security advisory - CVE-2020-11068
This commit is contained in:
supowang
2020-05-29 11:59:05 +08:00
parent 5d9895cecc
commit f9bd2588a2
137 changed files with 10401 additions and 4328 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
components/connectivity/LoraWAN/mac/LoRaMacSerializer.c
View File

@@ -107,7 +107,7 @@ LoRaMacSerializerStatus_t LoRaMacSerializerReJoinType0or2( LoRaMacMessageReJoinT
macMsg->Buffer[bufItr++] = macMsg->ReJoinType;
memcpyr( &macMsg->Buffer[bufItr], macMsg->NetID, LORAMAC_NET_ID_FIELD_SIZE );
memcpy1( &macMsg->Buffer[bufItr], macMsg->NetID, LORAMAC_NET_ID_FIELD_SIZE );
bufItr += LORAMAC_NET_ID_FIELD_SIZE;
memcpyr( &macMsg->Buffer[bufItr], macMsg->DevEUI, LORAMAC_DEV_EUI_FIELD_SIZE );
@@ -130,23 +130,23 @@ LoRaMacSerializerStatus_t LoRaMacSerializerData( LoRaMacMessageData_t* macMsg )
// Check macMsg->BufSize
uint16_t computedBufSize = LORAMAC_MHDR_FIELD_SIZE
+ LORAMAC_FHDR_DEV_ADD_FIELD_SIZE
+ LORAMAC_FHDR_DEV_ADDR_FIELD_SIZE
+ LORAMAC_FHDR_F_CTRL_FIELD_SIZE
+ LORAMAC_FHDR_F_CNT_FIELD_SIZE;
if( macMsg->FRMPayloadSize == 0 )
computedBufSize += macMsg->FHDR.FCtrl.Bits.FOptsLen;
if( macMsg->FRMPayloadSize > 0 )
{
if( macMsg->BufSize < computedBufSize )
{
return LORAMAC_SERIALIZER_ERROR_BUF_SIZE;
}
computedBufSize += LORAMAC_F_PORT_FIELD_SIZE;
}
else
{ //If FRMPayload >0, FPort field is present.
if( macMsg->BufSize < computedBufSize + macMsg->FHDR.FCtrl.Bits.FOptsLen + macMsg->FRMPayloadSize + LORAMAC_F_PORT_FIELD_SIZE )
{
return LORAMAC_SERIALIZER_ERROR_BUF_SIZE;
}
computedBufSize += macMsg->FRMPayloadSize;
computedBufSize += LORAMAC_MIC_FIELD_SIZE;
if( macMsg->BufSize < computedBufSize )
{
return LORAMAC_SERIALIZER_ERROR_BUF_SIZE;
}
macMsg->Buffer[bufItr++] = macMsg->MHDR.Value;