osmith has submitted this change. (
https://gerrit.osmocom.org/c/osmo-msc/+/33397 )
Change subject: smpp_msc: submit_to_sms: check ud_len > sms_msg_len
......................................................................
smpp_msc: submit_to_sms: check ud_len > sms_msg_len
Fixes: CID#240727
Change-Id: Ie01ac84816f6ac3ba5631a643d486fb0dfb05eb2
---
M src/libsmpputil/smpp_msc.c
1 file changed, 16 insertions(+), 0 deletions(-)
Approvals:
Jenkins Builder: Verified
pespin: Looks good to me, but someone else must approve
fixeria: Looks good to me, approved
diff --git a/src/libsmpputil/smpp_msc.c b/src/libsmpputil/smpp_msc.c
index 87cab00..fed5858 100644
--- a/src/libsmpputil/smpp_msc.c
+++ b/src/libsmpputil/smpp_msc.c
@@ -245,6 +245,12 @@
sms->data_coding_scheme = GSM338_DCS_1111_7BIT;
if (sms->ud_hdr_ind) {
ud_len = *sms_msg + 1;
+ if (ud_len > sms_msg_len) {
+ sms_free(sms);
+ LOGP(DLSMS, LOGL_ERROR, "invalid ud_len=%u >
sms_msg_len=%u\n", ud_len,
+ sms_msg_len);
+ return ESME_RINVPARLEN;
+ }
printf("copying %u bytes user data...\n", ud_len);
memcpy(sms->user_data, sms_msg,
OSMO_MIN(ud_len, sizeof(sms->user_data)));
--
To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/33397
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Change-Id: Ie01ac84816f6ac3ba5631a643d486fb0dfb05eb2
Gerrit-Change-Number: 33397
Gerrit-PatchSet: 1
Gerrit-Owner: osmith <osm...@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanits...@sysmocom.de>
Gerrit-Reviewer: osmith <osm...@sysmocom.de>
Gerrit-Reviewer: pespin <pes...@sysmocom.de>
Gerrit-MessageType: merged
