Merge pull request arduino#317 from tekka007/nullTerminationFix

henrikekblad · henrikekblad · commit bc3296883add · 2016-01-02T11:33:59.000+01:00
Fix null termination issue
diff --git a/libraries/MySensors/core/MyTransport.cpp b/libraries/MySensors/core/MyTransport.cpp
@@ -74,15 +74,17 @@ inline void transportProcess() {
 	(void)signerCheckTimer(); // Manage signing timeout
 	#endif
 
-	uint8_t len = transportReceive((uint8_t *)&_msg);
-	(void)len; //until somebody makes use of 'len'
+	uint8_t payloadLength = transportReceive((uint8_t *)&_msg);
+	(void)payloadLength; //until somebody makes use of it
 	ledBlinkRx(1);
 
+	
 	uint8_t command = mGetCommand(_msg);
 	uint8_t type = _msg.type;
 	uint8_t sender = _msg.sender;
 	uint8_t last = _msg.last;
 	uint8_t destination = _msg.destination;
+	
 
 	#ifdef MY_SIGNING_FEATURE
 		// Before processing message, reject unsigned messages if signing is required and check signature (if it is signed and addressed to us)
@@ -137,7 +139,11 @@ inline void transportProcess() {
 	if (destination == _nc.nodeId) {
 		// This message is addressed to this node
 		mSetSigned(_msg,0); // Clear the sign-flag now as verification is completed
-
+		// prevent buffer overflow by limiting max. possible message length (5 bits=31 bytes max) to MAX_PAYLOAD (25 bytes)
+		mSetLength(_msg, min(mGetLength(_msg),MAX_PAYLOAD));
+		// null terminate data
+		_msg.data[mGetLength(_msg)] = 0x00;
+		
 		#if defined(MY_REPEATER_FEATURE)
 			if (_msg.last != _nc.parentNodeId) {
 				// Message is from one of the child nodes. Add it to routing table.
