dexter has submitted this change. ( https://gerrit.osmocom.org/c/osmo-iuh/+/26855 ) Change subject: iu_helpers: check length before accessing buf ...................................................................... iu_helpers: check length before accessing buf in ranap_transp_layer_addr_decode() we access the buffer buf before checking the length field. This can lead to a segfault when the buffer has a length of 0. Change-Id: I983f6e5e4cee47b3f5719829e1310b8e2e33ffaf --- M src/iu_helpers.c 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: pespin: Looks good to me, but someone else must approve daniel: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/iu_helpers.c b/src/iu_helpers.c index 392622f..62f5c22 100644 --- a/src/iu_helpers.c +++ b/src/iu_helpers.c @@ -113,7 +113,7 @@ buf = trasp_layer_addr->buf; len = trasp_layer_addr->size; - if (buf[0] == 0x35 && len >= 7) + if (len >= 7 && buf[0] == 0x35) rc = inet_ntop(AF_INET, buf + 3, addr, addr_len); else if (len > 3) rc = inet_ntop(AF_INET, buf, addr, addr_len); -- To view, visit https://gerrit.osmocom.org/c/osmo-iuh/+/26855 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-iuh Gerrit-Branch: master Gerrit-Change-Id: I983f6e5e4cee47b3f5719829e1310b8e2e33ffaf Gerrit-Change-Number: 26855 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: daniel <dwillmann(a)sysmocom.de> Gerrit-Reviewer: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: pespin <pespin(a)sysmocom.de> Gerrit-MessageType: merged