pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/35624?usp=email )

Change subject: gsup: Fail decoding if len of PDP Type IE is less than 2 bytes ......................................................................

gsup: Fail decoding if len of PDP Type IE is less than 2 bytes

As documented in gsup.adoc, this field is expected to be 2 bytes.

Change-Id: I0d024a9a4fb10beeff39ac33a9d2ed02f88f4580 --- M src/gsm/gsup.c M tests/gsup/gsup_test.err 2 files changed, 14 insertions(+), 1 deletion(-)

git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/24/35624/1

diff --git a/src/gsm/gsup.c b/src/gsm/gsup.c index 4e18ddb..2beff4a 100644 --- a/src/gsm/gsup.c +++ b/src/gsm/gsup.c @@ -150,6 +150,8 @@ break;

case OSMO_GSUP_PDP_TYPE_IE: + if (value_len < 2) + return -GMM_CAUSE_PROTO_ERR_UNSPEC; pdp_info->pdp_type = osmo_decode_big_endian(value, value_len) & 0x0fff; break; diff --git a/tests/gsup/gsup_test.err b/tests/gsup/gsup_test.err index 7b2fda9..fc3c86e 100644 --- a/tests/gsup/gsup_test.err +++ b/tests/gsup/gsup_test.err @@ -164,7 +164,7 @@ message 2: tested 21248 modifications, 2577 parse failures message 3: tested 2816 modifications, 510 parse failures message 4: tested 3584 modifications, 770 parse failures - message 5: tested 20736 modifications, 4025 parse failures + message 5: tested 20736 modifications, 4028 parse failures message 6: tested 3584 modifications, 771 parse failures message 7: tested 3584 modifications, 770 parse failures message 8: tested 2816 modifications, 510 parse failures