Merge pull request #6 from karrots/master

Fixed SSID input validation
2025-01-16 17:57:12 -05:00 · 2015-10-07 12:33:04 +02:00 · 2015-10-07 12:33:04 +02:00 · cd07dc7e67
commit cd07dc7e67
parent 0583369897 6bd07702f7
1 changed files with 30 additions and 26 deletions
--- a/protocol/SimpleSerial.c
+++ b/protocol/SimpleSerial.c
@ -417,38 +417,42 @@ void ss_serialCallback(void *_buffer, size_t length, AX25Ctx *ctx) {
        } else if (buffer[0] == 's' && length > 2) {
            buffer++; length--;
            if (buffer[0] == 'c') {
-                if (length > 2 && buffer[2] > 48 && buffer[2] < 58) {
+                if (length > 2 && buffer[2] > 48 && buffer[2] < 58 && buffer[1] > 48) {
                    CALL_SSID = 10+buffer[2]-48;
-                } else {
+                } else
-                    CALL_SSID = buffer[1]-48;
+                    if ( buffer[1] > 48 && buffer[1] < 58) {
-                }
+                        CALL_SSID = buffer[1]-48;
                    }
                if (VERBOSE) printf_P(PSTR("Callsign: %.6s-%d\n"), CALL, CALL_SSID);
                if (!VERBOSE && !SILENT) printf_P(PSTR("1\n"));
            }
            if (buffer[0] == 'd') {
-                if (length > 2 && buffer[2] > 48 && buffer[2] < 58) {
+                if (length > 2 && buffer[2] > 48 && buffer[2] < 58 && buffer[1] > 48) {
                    DST_SSID = 10+buffer[2]-48;
-                } else {
+                } else
-                    DST_SSID = buffer[1]-48;
+                    if ( buffer[1] > 48 && buffer[1] < 58) {
-                }
+                        DST_SSID = buffer[1]-48;
                    }
                if (VERBOSE) printf_P(PSTR("Destination: %.6s-%d\n"), DST, DST_SSID);
                if (!VERBOSE && !SILENT) printf_P(PSTR("1\n"));
            }
-            if (buffer[0] == '1' && buffer[2] > 48 && buffer[2] < 58) {
+            if (buffer[0] == '1' ) {
-                if (length > 2) {
+                if (length > 2 && buffer[2] > 48 && buffer[2] < 58 && buffer[1] > 48) {
                    PATH1_SSID = 10+buffer[2]-48;
-                } else {
+                } else
-                    PATH1_SSID = buffer[1]-48;
+                    if ( buffer[1] > 48 && buffer[1] < 58) {
-                }
+                        PATH1_SSID = buffer[1]-48;
                    }
                if (VERBOSE) printf_P(PSTR("Path1: %.6s-%d\n"), PATH1, PATH1_SSID);
                if (!VERBOSE && !SILENT) printf_P(PSTR("1\n"));
            }
-            if (buffer[0] == '2' && buffer[2] > 48 && buffer[2] < 58) {
+            if (buffer[0] == '2' ) {
-                if (length > 2) {
+                if (length > 2 && buffer[2] > 48 && buffer[2] < 58 && buffer[1] > 48) {
                    PATH2_SSID = 10+buffer[2]-48;
-                } else {
+                } else
                    if (buffer[2] > 48 && buffer[2] < 58) {
                    PATH2_SSID = buffer[1]-48;
-                }
+                    }
                if (VERBOSE) printf_P(PSTR("Path2: %.6s-%d\n"), PATH2, PATH2_SSID);
                if (!VERBOSE && !SILENT) printf_P(PSTR("1\n"));
            }
@ -601,7 +605,7 @@ void ss_serialCallback(void *_buffer, size_t length, AX25Ctx *ctx) {
                }
                if (!VERBOSE && !SILENT) printf_P(PSTR("1\n"));
            } else if (buffer[0] == 's' && length > 1) {
-                if (length > 2) {
+                if (length > 3) {
                    message_recip_ssid = 10+buffer[2]-48;
                } else {
                    message_recip_ssid = buffer[1]-48;