neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmo-sccp/+/37995?usp=email ) Change subject: coverity CID#216830 ...................................................................... coverity CID#216830 sanity-check par->len received on the wire. Change-Id: I3e6283154268f97a66b2b3f2ec8e3e9631424434 --- M src/sua.c 1 file changed, 5 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/libosmo-sccp refs/changes/95/37995/1 diff --git a/src/sua.c b/src/sua.c index 9e281e0..d4c8b29 100644 --- a/src/sua.c +++ b/src/sua.c @@ -436,7 +436,11 @@ par = (struct xua_parameter_hdr *) &param->dat[pos]; par_tag = ntohs(par->tag); par_len = ntohs(par->len); - par_datalen = par_len - sizeof(*par); + /* sanity: check par->len received on the wire, make sure the subtraction does not wrap past zero */ + if (par_len >= sizeof(*par)) + par_datalen = par_len - sizeof(*par); + else + par_datalen = 0; LOGP(DLSUA, LOGL_DEBUG, "SUA IEI 0x%04x pos %hu/%hu: subpart tag 0x%04x, len %hu\n", param->tag, pos, param->len, par_tag, par_len); -- To view, visit https://gerrit.osmocom.org/c/libosmo-sccp/+/37995?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: libosmo-sccp Gerrit-Branch: master Gerrit-Change-Id: I3e6283154268f97a66b2b3f2ec8e3e9631424434 Gerrit-Change-Number: 37995 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>