From c8843d3391a1b2139255d46a23104ada9a12d207 Mon Sep 17 00:00:00 2001
From: Mattias Andrée <maandree@kth.se>
Date: Sat, 21 Oct 2017 18:39:42 +0200
Subject: libsbus_receive: check message length to avoid reading outside it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <maandree@kth.se>
---
 libsbus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsbus.c b/libsbus.c
index 9b8b9ad..4a913ec 100644
--- a/libsbus.c
+++ b/libsbus.c
@@ -69,7 +69,7 @@ libsbus_receive(int fd, int flags, char *buf, union libsbus_packet *packet)
 	if (r < 0)
 		return -1;
 
-	if (!strncmp(buf, "MSG ", 4)) {
+	if (r >= 4 && !strncmp(buf, "MSG ", 4)) {
 		p = memchr(buf, '\0', r);
 		if (!*p++)
 			goto unknown;
-- 
cgit v1.2.3-70-g09d2