projects
/
osmocom-bb.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
7d0bce3
)
ussd: Make sure that we at least have 8 bytes when decoding the string
author
Holger Hans Peter Freyther
<zecke@selfish.org>
Mon, 11 Oct 2010 07:23:50 +0000
(09:23 +0200)
committer
Holger Hans Peter Freyther
<zecke@selfish.org>
Mon, 11 Oct 2010 07:26:20 +0000
(09:26 +0200)
The actual gsm_7bit_decode can still cause a buffer overrun
but at least we are safe until this point.
src/gsm0480.c
patch
|
blob
|
history
diff --git
a/src/gsm0480.c
b/src/gsm0480.c
index
73be8ac
..
4b1471f
100644
(file)
--- a/
src/gsm0480.c
+++ b/
src/gsm0480.c
@@
-386,6
+386,12
@@
static int parse_process_uss_req(const uint8_t *uss_req_data, uint16_t length,
int num_chars;
uint8_t dcs;
+
+ /* we need at least that much */
+ if (length < 8)
+ return 0;
+
+
if (uss_req_data[0] == GSM_0480_SEQUENCE_TAG) {
if (uss_req_data[2] == ASN1_OCTET_STRING_TAG) {
dcs = uss_req_data[4];