Hi Jens,

please prefix the subject line with the files that get changed. So
something like "push:" would be good.

>  src/push.c |    8 +++++++-
>  1 files changed, 7 insertions(+), 1 deletions(-)
> 
> diff --git a/src/push.c b/src/push.c
> index 6a54907..6107352 100644
> --- a/src/push.c
> +++ b/src/push.c
> @@ -351,13 +351,16 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned 
> int len,
>       /* Consume TID and Type */
>       nread = 2;
>  
> -     if (wsp_decode_uintvar(pdu + nread, len,
> +     if (wsp_decode_uintvar(pdu + nread, len - nread,
>                                       &headerslen, &consumed) == FALSE)
>               return FALSE;
>  
>       /* Consume uintvar bytes */
>       nread += consumed;
>  
> +     /* Check if content type could be read */
> +     if (headerslen > (len - nread))
> +             return FALSE;

No need for the parentheses around (len - nread). Just do > len - nread.

>       /* Try to decode content-type */
>       if (wsp_decode_content_type(pdu + nread, headerslen, &ct,
>                       &consumed, &param_len) == FALSE)
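Review bot: `len - nread` is evaluated right after `nread = 2` with `len` an unsigned int, so a PDU shorter than two bytes makes the subtraction wrap to a very large value. In that case the bound passed to wsp_decode_uintvar and the new `headerslen > (len - nread)` check would both accept lengths that lie outside the buffer. Nothing in the hunk guarantees `len >= 2`, and mms_push_notify starts above the hunk, so an earlier guard may already exist. If it does not, add `if (len < 2) return FALSE;` before `nread = 2;`.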
> @@ -370,6 +373,9 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned int 
> len,
>       consumed += param_len;
>       nread += consumed;
>  
> +     /* Check if application_id could be read */
> +     if ((headerslen - consumed) > (len - nread))
> +             return FALSE;

Same here (headerslen - consumed > len - nread) is good enough.

>       /* Parse header to decode application_id */
>       wsp_header_iter_init(&iter, pdu + nread, headerslen - consumed, 0);
>  
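Review bot: The new check `(headerslen - consumed) > (len - nread)` misses the case where `consumed`, after `consumed += param_len`, exceeds the bytes left in the PDU. With unsigned operands both subtractions then wrap by the same amount, the comparison passes, and wsp_header_iter_init is handed a pointer past the buffer with a wrapped length. Only `len` is visibly unsigned int; the other declarations are outside the hunk, as is any guarantee that wsp_decode_content_type keeps `consumed + param_len` within `headerslen`. An explicit `if (consumed > headerslen) return FALSE;` placed before `nread += consumed;` would close this. Together with the earlier `headerslen > len - nread` check it also makes the second comparison hold by construction.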

Regards

Marcel

