adb: restore packet data length checks. These checks were moved to after the read of the payload, which is too late. Add a check before each read to avoid a heap buffer overflow. Test: python test_device.py with x86_64 emulator, walleye Change-Id: I86bcfaaa9004951cc52ad89af74680cf748e717d

commit: b14756a7754dbb46d6f7d0a7814b0bcc61741e67 [log] [tgz]
author: Josh Gao <jmgao@google.com> Fri Feb 02 14:38:04 2018 -0800
committer: Josh Gao <jmgao@google.com> Tue Feb 06 12:59:06 2018 -0800
tree: 3a7e3f47f8b6de9e9f37f2286aac2eaf48b0e1f6
parent: 2b3db9e35c05c2653bb92c277ebe42f6fb322803 [diff] [blame]
diff --git a/transport.cpp b/transport.cpp
index 5acaaec..c90c59c 100644
--- a/transport.cpp
+++ b/transport.cpp

@@ -72,6 +72,11 @@
         return false;
     }
 
+    if (packet->msg.data_length > sizeof(packet->data)) {
+        D("remote local: read overflow (data length = %" PRIu32 ")", packet->msg.data_length);
+        return false;
+    }
+
     if (!ReadFdExactly(fd_.get(), &packet->data, packet->msg.data_length)) {
         D("remote local: terminated (data)");
         return false;
commit	b14756a7754dbb46d6f7d0a7814b0bcc61741e67	[log] [tgz]
author	Josh Gao <jmgao@google.com>	Fri Feb 02 14:38:04 2018 -0800
committer	Josh Gao <jmgao@google.com>	Tue Feb 06 12:59:06 2018 -0800
tree	3a7e3f47f8b6de9e9f37f2286aac2eaf48b0e1f6
parent	2b3db9e35c05c2653bb92c277ebe42f6fb322803 [diff] [blame]