HdlcEncoder::decode lack of validation

https://github.com/openpst/libopenpst/blob/master/src/qualcomm/hdlc_encoder.cpp#L93
```
// off-by-one OOB read if i == length of data
buffer[osize++] = data[i + 1] ^ HDLC_ESC_MASK;
```

https://github.com/openpst/libopenpst/blob/master/src/qualcomm/hdlc_encoder.cpp#L102
```
// int underflow if sizeof(crc) > osize
uint16_t crc = crc16(reinterpret_cast<const char*>(buffer), osize - sizeof(crc));
```

https://github.com/openpst/libopenpst/blob/master/src/qualcomm/hdlc_encoder.cpp#L103
```
// OOB read if buffer length < 2
uint16_t chk = *((uint16_t*)&buffer[osize - 2]);
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HdlcEncoder::decode lack of validation #5

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

HdlcEncoder::decode lack of validation #5

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions