Memory Safety: High
The handle_get_avb_info_common() function copied network packet data
into a stack buffer using memcpy(buf, m, len) without validating that
len fits within the 2048-byte buffer. A crafted AVB packet with a
large length could overflow the stack buffer. Added bounds validation
matching the pattern already used in handle_read_descriptor_common().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Memory Safety: High
The cmd_names[] array was indexed with a network-provided command type
value before the bounds check, allowing an out-of-bounds read when
processing crafted AVB network packets. Moved the bounds validation
before the array access to prevent reading past the end of the array.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1. The period calls were added to handle timeouts.
2. Handle the case where lock must be unlocked after 60s if the
controller owning the locked does not release it.
handle_acquire_entity_avb_legacy() and handle_lock_entity_avb_legacy()
incorrectly treated the full ethernet frame pointer as the AEM packet
pointer, causing p->payload to read descriptor_type and descriptor_id
from the wrong offset. Fix by properly skipping the ethernet header,
matching the pattern used by all other AEM command handlers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
In the current state the GET/SET stream format can handle the commands
response however, yet, it does not take care of checking that:
* A bound input stream cannot have it set, should reply accordingly
* A STREAMING_STREAM output stream cannot have it set, should reply
accordingly.
This introduces the following changes:
* Using the time at which the command was received
* Preparation for the unsollicited notifications
* New folder holding all the AECP_AEM commands/responses and utils
* Improving the code-reusability by using common handlers
This introduces the following changes:
* Using the time at which the command was received
* Preparation for the unsollicited notifications
* New folder holding all the AECP_AEM commands/responses and utils
* Improving the code-reusability by using common handlers
