From: Jaroslav Kysela <perex@perex.cz>
Date: Thu, 13 Sep 2018 06:41:17 +0000 (+0200)
Subject: tvhcsa: add invalid offset check for CSA descramble
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3812d7755cf8a4ebde2690adb95cd7e97bbf2a72;p=thirdparty%2Ftvheadend.git

tvhcsa: add invalid offset check for CSA descramble
---

diff --git a/src/descrambler/tvhcsa.c b/src/descrambler/tvhcsa.c
index 259882e7e..31b906d01 100644
--- a/src/descrambler/tvhcsa.c
+++ b/src/descrambler/tvhcsa.c
@@ -122,6 +122,8 @@ tvhcsa_csa_cbc_descramble
      pkt[3] &= 0x3f;  // consider it decrypted now
      if(pkt[3] & 0x20) { // incomplete packet
        offset = 4 + pkt[4] + 1;
+       if (offset > 187) // invalid offset
+         break;
        len = 188 - offset;
        n = len >> 3;
        // FIXME: //residue = len - (n << 3);