adb: restore packet data length checks.
These checks were moved to after the read of the payload, which is too
late. Add a check before each read to avoid a heap buffer overflow.
Test: python test_device.py with x86_64 emulator, walleye
Change-Id: I86bcfaaa9004951cc52ad89af74680cf748e717d
diff --git a/transport.cpp b/transport.cpp
index 5acaaec..c90c59c 100644
--- a/transport.cpp
+++ b/transport.cpp
@@ -72,6 +72,11 @@
return false;
}
+ if (packet->msg.data_length > sizeof(packet->data)) {
+ D("remote local: read overflow (data length = %" PRIu32 ")", packet->msg.data_length);
+ return false;
+ }
+
if (!ReadFdExactly(fd_.get(), &packet->data, packet->msg.data_length)) {
D("remote local: terminated (data)");
return false;