From 43d401288450c187a016a30ca42e8b96d94065c9 Mon Sep 17 00:00:00 2001 From: Murilo Belluzzo Date: Mon, 4 Jul 2016 22:31:35 -0300 Subject: [PATCH] AP_HAL: Fix TOCTOU in ByteBuffer::peekiovec() --- libraries/AP_HAL/utility/RingBuffer.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libraries/AP_HAL/utility/RingBuffer.cpp b/libraries/AP_HAL/utility/RingBuffer.cpp index 76eb30df79..c1350b1655 100644 --- a/libraries/AP_HAL/utility/RingBuffer.cpp +++ b/libraries/AP_HAL/utility/RingBuffer.cpp @@ -98,13 +98,15 @@ bool ByteBuffer::advance(uint32_t n) uint8_t ByteBuffer::peekiovec(ByteBuffer::IoVec iovec[2], uint32_t len) { - if (len > available()) { - len = available(); + uint32_t n = available(); + + if (len > n) { + len = n; } if (len == 0) { return 0; } - uint32_t n; + auto b = readptr(n); if (n > len) { n = len;