if (!DNP3ReadUint8(buf, len, &object->status_code)) {
goto error;
}
- if (prefix - (offset - *len) >= 255) {
+ if (prefix - (offset - *len) >= 255 || prefix < (offset - *len)) {
goto error;
}
- object->optional_text_len = prefix - (offset - *len);
+ object->optional_text_len = (uint8_t)(prefix - (offset - *len));
if (object->optional_text_len > 0) {
if (*len < object->optional_text_len) {
/* Not enough data. */
if (!DNP3ReadUint32(buf, len, &object->block_number)) {
goto error;
}
- if (prefix - (offset - *len) >= 255) {
+ if (prefix - (offset - *len) >= 255 || prefix < (offset - *len)) {
goto error;
}
- object->file_data_len = prefix - (offset - *len);
+ object->file_data_len = (uint8_t)(prefix - (offset - *len));
if (object->file_data_len > 0) {
if (*len < object->file_data_len) {
/* Not enough data. */
if (!DNP3ReadUint8(buf, len, &object->status_code)) {
goto error;
}
- if (prefix - (offset - *len) >= 255) {
+ if (prefix - (offset - *len) >= 255 || prefix < (offset - *len)) {
goto error;
}
- object->optional_text_len = prefix - (offset - *len);
+ object->optional_text_len = (uint8_t)(prefix - (offset - *len));
if (object->optional_text_len > 0) {
if (*len < object->optional_text_len) {
/* Not enough data. */
offset = *len;
- if (prefix - (offset - *len) >= 65535) {
+ if (prefix - (offset - *len) >= 65535 || prefix < (offset - *len)) {
goto error;
}
- object->file_specification_len = prefix - (offset - *len);
+ object->file_specification_len = (uint16_t)(prefix - (offset - *len));
if (object->file_specification_len > 0) {
if (*len < object->file_specification_len) {
/* Not enough data. */
if (!DNP3ReadUint8(buf, len, &object->reason)) {
goto error;
}
- object->challenge_data_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->challenge_data_len = (uint16_t)(prefix - (offset - *len));
if (object->challenge_data_len > 0) {
if (*len < object->challenge_data_len) {
/* Not enough data. */
if (!DNP3ReadUint16(buf, len, &object->usr)) {
goto error;
}
- object->mac_value_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->mac_value_len = (uint16_t)(prefix - (offset - *len));
if (object->mac_value_len > 0) {
if (*len < object->mac_value_len) {
/* Not enough data. */
*buf += object->challenge_data_len;
*len -= object->challenge_data_len;
}
- object->mac_value_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->mac_value_len = (uint16_t)(prefix - (offset - *len));
if (object->mac_value_len > 0) {
if (*len < object->mac_value_len) {
/* Not enough data. */
if (!DNP3ReadUint16(buf, len, &object->usr)) {
goto error;
}
- object->wrapped_key_data_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->wrapped_key_data_len = (uint16_t)(prefix - (offset - *len));
if (object->wrapped_key_data_len > 0) {
if (*len < object->wrapped_key_data_len) {
/* Not enough data. */
if (!DNP3ReadUint48(buf, len, &object->time_of_error)) {
goto error;
}
- if (prefix - (offset - *len) >= 65535) {
+ if (prefix - (offset - *len) >= 65535 || prefix < (offset - *len)) {
goto error;
}
- object->error_text_len = prefix - (offset - *len);
+ object->error_text_len = (uint16_t)(prefix - (offset - *len));
if (object->error_text_len > 0) {
if (*len < object->error_text_len) {
/* Not enough data. */
if (!DNP3ReadUint8(buf, len, &object->certificate_type)) {
goto error;
}
- object->certificate_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->certificate_len = (uint16_t)(prefix - (offset - *len));
if (object->certificate_len > 0) {
if (*len < object->certificate_len) {
/* Not enough data. */
offset = *len;
- object->mac_value_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->mac_value_len = (uint16_t)(prefix - (offset - *len));
if (object->mac_value_len > 0) {
if (*len < object->mac_value_len) {
/* Not enough data. */
offset = *len;
- object->digital_signature_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->digital_signature_len = (uint16_t)(prefix - (offset - *len));
if (object->digital_signature_len > 0) {
if (*len < object->digital_signature_len) {
/* Not enough data. */
offset = *len;
- object->mac_len = prefix - (offset - *len);
+ if (prefix < (offset - *len)) {
+ goto error;
+ }
+ object->mac_len = (uint16_t)(prefix - (offset - *len));
if (object->mac_len > 0) {
if (*len < object->mac_len) {
/* Not enough data. */