fixeria has uploaded this change for review. ( 
https://gerrit.osmocom.org/c/osmocom-bb/+/35585?usp=email )


Change subject: mobile: gsm48_cc_data_ind(): check if struct gsm48_hdr fits
......................................................................

mobile: gsm48_cc_data_ind(): check if struct gsm48_hdr fits

Change-Id: I06c1877f603d3de0210dee7033ef163637c22054
Related: OS#4396
---
M src/host/layer23/src/mobile/gsm48_cc.c
1 file changed, 22 insertions(+), 6 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/85/35585/1

diff --git a/src/host/layer23/src/mobile/gsm48_cc.c b/src/host/layer23/src/mobile/gsm48_cc.c
index c3ec94b..21f68d3 100644
--- a/src/host/layer23/src/mobile/gsm48_cc.c
+++ b/src/host/layer23/src/mobile/gsm48_cc.c
@@ -2148,15 +2148,21 @@
 static int gsm48_cc_data_ind(struct gsm_trans *trans, struct msgb *msg)
 {
        struct osmocom_ms *ms = trans->ms;
-       struct gsm48_hdr *gh = msgb_l3(msg);
-       int msg_type = gh->msg_type & 0xbf;
-       uint8_t transaction_id = ((gh->proto_discr & 0xf0) ^ 0x80) >> 4;
-               /* flip */
+       const struct gsm48_hdr *gh = msgb_l3(msg);
        int msg_supported = 0; /* determine, if message is supported at all */
+       uint8_t msg_type;
        int i, rc;

-       /* set transaction ID, if not already */
-       trans->transaction_id = transaction_id;
+       if (msgb_l3len(msg) < sizeof(*gh)) {
+               LOGP(DCC, LOGL_INFO, "%s(): short read of msgb: %s\n",
+                    __func__, msgb_hexdump(msg));
+               return -EINVAL;
+       }
+
+       msg_type = gh->msg_type & 0xbf;
+
+       /* set transaction ID (flip), if not already */
+       trans->transaction_id = ((gh->proto_discr & 0xf0) ^ 0x80) >> 4;

        /* pull the MMCC header */
        msgb_pull(msg, sizeof(struct gsm48_mmxx_hdr));
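Review bot: The new short-header rejection logs at `LOGL_INFO`, which is easy to filter out even though a truncated L3 header here presumably comes from a peer-supplied message and is worth noticing. Consider a higher level and stating both lengths, e.g. `LOGP(DCC, LOGL_ERROR, "%s(): short L3 header (%u < %zu): %s\n", __func__, msgb_l3len(msg), sizeof(*gh), msgb_hexdump(msg));`. The check covers only the fixed `struct gsm48_hdr`, so the per-message handlers still have to validate the information elements that follow it. The body of `gsm48_cc_data_ind()` continues outside this hunk, so that part is not visible here. A one-line comment above the check, such as `/* reject messages too short to hold the L3 header before dereferencing gh */`, would make the ordering requirement explicit.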

--

Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-Change-Id: I06c1877f603d3de0210dee7033ef163637c22054
Gerrit-Change-Number: 35585
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanits...@sysmocom.de>
Gerrit-MessageType: newchange
