[PATCH 1/8] nat: Add size check for the payload

15 Jun 2015

From: Holger Hans Peter Freyther &lt;holger(a)moiji-mobile.com&gt;

The msgb will always have these bytes but it is better practice
to verify that the message really has space for the two bytes.
---
 openbsc/src/osmo-bsc_nat/bsc_nat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 4357485..537001e 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -1185,7 +1185,7 @@ exit:
 		send_reset_ack(bsc);
 	} else if (parsed->ipa_proto == IPAC_PROTO_IPACCESS) {
 		/* do we know who is handling this? */
-		if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
+		if (msg->l2h[0] == IPAC_MSGT_ID_RESP && msgb_l2len(msg) > 2) {
 			struct tlv_parsed tvp;
 			int ret;
 			ret = ipa_ccm_idtag_parse(&tvp,
-- 
2.3.5


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[PATCH 1/8] nat: Add size check for the payload