pespin has submitted this change. ( https://gerrit.osmocom.org/c/libosmo-sigtran/+/38359?usp=email ) Change subject: coverity CID#216830 ...................................................................... coverity CID#216830 sanity-check par->len received on the wire. (cherry picked from commit 0285323c2bbe8efdcc7215179f890ac727ca7cac) Change-Id: I1dcc3cb724c9644191de675cac0670ca292a75ba --- M src/sua.c 1 file changed, 4 insertions(+), 0 deletions(-) Approvals: osmith: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/sua.c b/src/sua.c index 9e281e0..3d9d7ec 100644 --- a/src/sua.c +++ b/src/sua.c @@ -436,6 +436,10 @@ par = (struct xua_parameter_hdr *) &param->dat[pos]; par_tag = ntohs(par->tag); par_len = ntohs(par->len); + + /* sanity: check par->len received on the wire, make sure the subtraction does not wrap past zero. */ + if (par_len < sizeof(*par)) + goto subpar_fail; par_datalen = par_len - sizeof(*par); LOGP(DLSUA, LOGL_DEBUG, "SUA IEI 0x%04x pos %hu/%hu: subpart tag 0x%04x, len %hu\n", -- To view, visit https://gerrit.osmocom.org/c/libosmo-sigtran/+/38359?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: libosmo-sigtran Gerrit-Branch: pespin/2.0.0 Gerrit-Change-Id: I1dcc3cb724c9644191de675cac0670ca292a75ba Gerrit-Change-Number: 38359 Gerrit-PatchSet: 1 Gerrit-Owner: pespin &lt;pespin(a)sysmocom.de&gt; Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: osmith &lt;osmith(a)sysmocom.de&gt; Gerrit-Reviewer: pespin &lt;pespin(a)sysmocom.de&gt;