[S] Change in osmocom-bb[master]: Add header length check to received CCCH messages

laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmocom-bb/+/34555?usp=email ) Change subject: Add header length check to received CCCH messages ...................................................................... Add header length check to received CCCH messages Change-Id: I3bc6b0b997e6ea1048c3357d276adfcc1638b02b --- M src/host/layer23/src/mobile/gsm48_rr.c 1 file changed, 14 insertions(+), 0 deletions(-) Approvals: Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve fixeria: Looks good to me, approved diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c index e5e2162..d725642 100644 --- a/src/host/layer23/src/mobile/gsm48_rr.c +++ b/src/host/layer23/src/mobile/gsm48_rr.c @@ -4856,6 +4856,11 @@ { struct gsm48_system_information_type_header *sih = msgb_l3(msg); + if (msgb_l3len(msg) < sizeof(*sih)) { + LOGP(DRR, LOGL_NOTICE, "Short read of CCCH message.\n"); + return -EINVAL; + } + switch (sih->system_information) { case GSM48_MT_RR_PAG_REQ_1: return gsm48_rr_rx_pag_req_1(ms, msg); -- To view, visit https://gerrit.osmocom.org/c/osmocom-bb/+/34555?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Change-Id: I3bc6b0b997e6ea1048c3357d276adfcc1638b02b Gerrit-Change-Number: 34555 Gerrit-PatchSet: 2 Gerrit-Owner: jolly &lt;andreas(a)eversberg.eu&gt; Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria &lt;vyanitskiy(a)sysmocom.de&gt; Gerrit-Reviewer: laforge &lt;laforge(a)osmocom.org&gt; Gerrit-Reviewer: pespin &lt;pespin(a)sysmocom.de&gt; Gerrit-MessageType: merged