ndn_interest_from_block buffer overflow

As of 4fe193eddc7b5e2bf3ec62a790a1bd5247b6c7ff, ndn_interest_from_block function invokes:

else if (type == TLV_Parameters) {
  interest->enable_Parameters = 1;
  decoder_get_length(&decoder, &interest->parameters.size);
  decoder_get_raw_buffer_value(&decoder, interest->parameters.value,
                               interest->parameters.size);
}

interest->parameters.value is a fixed size buffer. interest->parameters.size comes from network and the function does not check whether it exceeds the buffer capacity. Therefore, an attacker can trigger a buffer overflow using this function.

named-data-iot / ndn-lite

ndn_interest_from_block buffer overflow #17