fixeria has submitted this change. ( https://gerrit.osmocom.org/c/osmocom-bb/+/35585?usp=email ) Change subject: mobile: gsm48_cc_data_ind(): check if struct gsm48_hdr fits ...................................................................... mobile: gsm48_cc_data_ind(): check if struct gsm48_hdr fits Change-Id: I06c1877f603d3de0210dee7033ef163637c22054 Related: OS#4396 --- M src/host/layer23/src/mobile/gsm48_cc.c 1 file changed, 22 insertions(+), 6 deletions(-) Approvals: jolly: Looks good to me, but someone else must approve Jenkins Builder: Verified pespin: Looks good to me, approved diff --git a/src/host/layer23/src/mobile/gsm48_cc.c b/src/host/layer23/src/mobile/gsm48_cc.c index c3ec94b..21f68d3 100644 --- a/src/host/layer23/src/mobile/gsm48_cc.c +++ b/src/host/layer23/src/mobile/gsm48_cc.c @@ -2148,15 +2148,21 @@ static int gsm48_cc_data_ind(struct gsm_trans *trans, struct msgb *msg) { struct osmocom_ms *ms = trans->ms; - struct gsm48_hdr *gh = msgb_l3(msg); - int msg_type = gh->msg_type & 0xbf; - uint8_t transaction_id = ((gh->proto_discr & 0xf0) ^ 0x80) >> 4; - /* flip */ + const struct gsm48_hdr *gh = msgb_l3(msg); int msg_supported = 0; /* determine, if message is supported at all */ + uint8_t msg_type; int i, rc; - /* set transaction ID, if not already */ - trans->transaction_id = transaction_id; + if (msgb_l3len(msg) < sizeof(*gh)) { + LOGP(DCC, LOGL_INFO, "%s(): short read of msgb: %s\n", + __func__, msgb_hexdump(msg)); + return -EINVAL; + } + + msg_type = gh->msg_type & 0xbf; + + /* set transaction ID (flip), if not already */ + trans->transaction_id = ((gh->proto_discr & 0xf0) ^ 0x80) >> 4; /* pull the MMCC header */ msgb_pull(msg, sizeof(struct gsm48_mmxx_hdr)); -- To view, visit https://gerrit.osmocom.org/c/osmocom-bb/+/35585?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Change-Id: I06c1877f603d3de0210dee7033ef163637c22054 Gerrit-Change-Number: 35585 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria &lt;vyanitskiy(a)sysmocom.de&gt; Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria &lt;vyanitskiy(a)sysmocom.de&gt; Gerrit-Reviewer: jolly &lt;andreas(a)eversberg.eu&gt; Gerrit-Reviewer: pespin &lt;pespin(a)sysmocom.de&gt; Gerrit-MessageType: merged