driver, encx24j600: fix possible buffer overflow

overflow if len < payload_len, that is packet too big

driver, encx24j600: fix possible buffer overflow
b4121974 · Sebastian Meiling · 0150cfc1 · b4121974
Commit b4121974 authored 7 years ago by Sebastian Meiling
--- a/drivers/encx24j600/encx24j600.c
+++ b/drivers/encx24j600/encx24j600.c
@@ -360,7 +360,13 @@ static int _recv(netdev_t *netdev, void *buf, size_t len, void *info)
    /* hdr.frame_len given by device contains 4 bytes checksum */
    size_t payload_len = hdr.frame_len - 4;

+
    if (buf) {
+        if (payload_len > len) {
+            /* payload exceeds buffer size */
+            unlock(dev);
+            return -ENOBUFS;
+        }
 #ifdef MODULE_NETSTATS_L2
        netdev->stats.rx_count++;
        netdev->stats.rx_bytes += len;