From 8af6be402eba48a02853bebc5f9f6d5b9e8844f3 Mon Sep 17 00:00:00 2001
From: Serhii Kostiuk <serhii.o.kostiuk@globallogic.com>
Date: Thu, 23 Jul 2020 15:37:29 +0300
Subject: Quectel Delta Radio Firmware Upgrade support - libmts-io
 implementation

Added more strict handling for comma-separated data in URC messages to prevent out-of-bounds reads.
---
 src/MTS_IO_QuectelRadio.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/MTS_IO_QuectelRadio.cpp b/src/MTS_IO_QuectelRadio.cpp
index 39c0601..59170fe 100644
--- a/src/MTS_IO_QuectelRadio.cpp
+++ b/src/MTS_IO_QuectelRadio.cpp
@@ -1016,11 +1016,12 @@ ICellularRadio::CODE QuectelRadio::fumoWaitUpgradeFinished(ICellularRadio::Updat
         }
 
         const auto vParts = MTS::Text::split(MTS::Text::trim(sResponse), ',', 3);
-        const std::string& sStage = vParts[1];
+        const std::string& sStage = getByIndex(vParts, 1, "NOT_DEFINED");
+
         if (sStage == sFotaUrcEnd) {
             // FOTA finished
             printTrace("Got FOTA END message");
-            const std::string& sCode = vParts[2];
+            const std::string& sCode = getByIndex(vParts, 2, "-1");
 
             if (sCode == "0") {
                 // finished successfully
@@ -1034,11 +1035,11 @@ ICellularRadio::CODE QuectelRadio::fumoWaitUpgradeFinished(ICellularRadio::Updat
             printTrace("Got FOTA START message");
         } else if (sStage == sFotaUrcProgress) {
             printTrace("Got FOTA progress message");
-            const std::string& sPercents = vParts[2];
+            const std::string& sPercents = getByIndex(vParts, 2, "0");
             printInfo("FOTA progress: [%s]", sPercents.c_str());
             callNextStep(stepCb, "FUMO Info: firmware apply progress " + sPercents);
         } else {
-            printInfo("FOTA unexpected URC code: [%s]", sStage.c_str());
+            printInfo("FOTA unexpected URC code: [%s]", sResponse.c_str());
         }
     }
 
-- 
cgit v1.2.3