pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/35624?usp=email ) Change subject: gsup: Fail decoding if len of PDP Type IE is less than 2 bytes ...................................................................... gsup: Fail decoding if len of PDP Type IE is less than 2 bytes As documented in gsup.adoc, this field is expected to be 2 bytes. Change-Id: I0d024a9a4fb10beeff39ac33a9d2ed02f88f4580 --- M src/gsm/gsup.c M tests/gsup/gsup_test.err 2 files changed, 14 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/24/35624/1 diff --git a/src/gsm/gsup.c b/src/gsm/gsup.c index 4e18ddb..2beff4a 100644 --- a/src/gsm/gsup.c +++ b/src/gsm/gsup.c @@ -150,6 +150,8 @@ break; case OSMO_GSUP_PDP_TYPE_IE: + if (value_len < 2) + return -GMM_CAUSE_PROTO_ERR_UNSPEC; pdp_info->pdp_type = osmo_decode_big_endian(value, value_len) & 0x0fff; break; diff --git a/tests/gsup/gsup_test.err b/tests/gsup/gsup_test.err index 7b2fda9..fc3c86e 100644 --- a/tests/gsup/gsup_test.err +++ b/tests/gsup/gsup_test.err @@ -164,7 +164,7 @@ message 2: tested 21248 modifications, 2577 parse failures message 3: tested 2816 modifications, 510 parse failures message 4: tested 3584 modifications, 770 parse failures - message 5: tested 20736 modifications, 4025 parse failures + message 5: tested 20736 modifications, 4028 parse failures message 6: tested 3584 modifications, 771 parse failures message 7: tested 3584 modifications, 770 parse failures message 8: tested 2816 modifications, 510 parse failures -- To view, visit https://gerrit.osmocom.org/c/libosmocore/+/35624?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Change-Id: I0d024a9a4fb10beeff39ac33a9d2ed02f88f4580 Gerrit-Change-Number: 35624 Gerrit-PatchSet: 1 Gerrit-Owner: pespin &lt;pespin(a)sysmocom.de&gt; Gerrit-MessageType: newchange