From ea8e476434bed74852441f2bf19e305e26fdfb66 Mon Sep 17 00:00:00 2001
From: Tim Hawes <me@timhawes.com>
Date: Sat, 2 May 2020 11:15:38 +0100
Subject: [PATCH] Buffer overflow in ax_port_read

---
 src/tcp_axtls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tcp_axtls.c b/src/tcp_axtls.c
index cdbdf41..3475d3d 100644
--- a/src/tcp_axtls.c
+++ b/src/tcp_axtls.c
@@ -562,7 +562,7 @@ int ax_port_read(int fd, uint8_t *data, int len) {
     return 0;
   }
 
-  read_buf =(uint8_t*)calloc(fd_data->tcp_pbuf->len + 1, sizeof(uint8_t));
+  read_buf =(uint8_t*)calloc(len, sizeof(uint8_t));
   pread_buf = read_buf;
   if (pread_buf != NULL){
     recv_len = pbuf_copy_partial(fd_data->tcp_pbuf, read_buf, len, fd_data->pbuf_offset);