dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-iuh/+/26855 )
Change subject: iu_helpers: check length before accessing buf ......................................................................
iu_helpers: check length before accessing buf
in ranap_transp_layer_addr_decode() we access the buffer buf before checking the length field. This can lead to a segfault when the buffer has a length of 0.
Change-Id: I983f6e5e4cee47b3f5719829e1310b8e2e33ffaf --- M src/iu_helpers.c 1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-iuh refs/changes/55/26855/1
diff --git a/src/iu_helpers.c b/src/iu_helpers.c index 392622f..62f5c22 100644 --- a/src/iu_helpers.c +++ b/src/iu_helpers.c @@ -113,7 +113,7 @@ buf = trasp_layer_addr->buf; len = trasp_layer_addr->size;
- if (buf[0] == 0x35 && len >= 7) + if (len >= 7 && buf[0] == 0x35) rc = inet_ntop(AF_INET, buf + 3, addr, addr_len); else if (len > 3) rc = inet_ntop(AF_INET, buf, addr, addr_len);
pespin has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-iuh/+/26855 )
Change subject: iu_helpers: check length before accessing buf ......................................................................
Patch Set 1: Code-Review+1
daniel has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-iuh/+/26855 )
Change subject: iu_helpers: check length before accessing buf ......................................................................
Patch Set 1: Code-Review+2
dexter has submitted this change. ( https://gerrit.osmocom.org/c/osmo-iuh/+/26855 )
Change subject: iu_helpers: check length before accessing buf ......................................................................
iu_helpers: check length before accessing buf
in ranap_transp_layer_addr_decode() we access the buffer buf before checking the length field. This can lead to a segfault when the buffer has a length of 0.
Change-Id: I983f6e5e4cee47b3f5719829e1310b8e2e33ffaf --- M src/iu_helpers.c 1 file changed, 1 insertion(+), 1 deletion(-)
Approvals: pespin: Looks good to me, but someone else must approve daniel: Looks good to me, approved Jenkins Builder: Verified
diff --git a/src/iu_helpers.c b/src/iu_helpers.c index 392622f..62f5c22 100644 --- a/src/iu_helpers.c +++ b/src/iu_helpers.c @@ -113,7 +113,7 @@ buf = trasp_layer_addr->buf; len = trasp_layer_addr->size;
- if (buf[0] == 0x35 && len >= 7) + if (len >= 7 && buf[0] == 0x35) rc = inet_ntop(AF_INET, buf + 3, addr, addr_len); else if (len > 3) rc = inet_ntop(AF_INET, buf, addr, addr_len);
-
daniel -
dexter
-
pespin