summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorVadim Yanitskiy <axilirator@gmail.com>2018-04-04 19:19:07 +0700
committerVadim Yanitskiy <axilirator@gmail.com>2018-04-04 20:24:09 +0700
commit2ecfb30d7f00c8307600450e184dfd26990e8bc6 (patch)
treee5fb5d2c330ffdcf3432d20b5ebb53c444218065 /src
parenta24ead01260b472dcdf5c18190468aac9b9f43cb (diff)
gsm0480: drop messages with incorrect data length
If either an INVOKE, either a RETURN_RESULT component has the data with incorrect length (see Annex A, 3GPP TS 04.80), the whole message is probably incorrect. Let's drop such messages instead of silent truncation. Change-Id: I2a169b0b84aa26ea2521edd55ff005c27ae6d808
Diffstat (limited to 'src')
-rw-r--r--src/gsm/gsm0480.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/src/gsm/gsm0480.c b/src/gsm/gsm0480.c
index 38082b32..636f2678 100644
--- a/src/gsm/gsm0480.c
+++ b/src/gsm/gsm0480.c
@@ -552,8 +552,12 @@ static int parse_process_uss_data(const uint8_t *uss_req_data, uint16_t length,
if (num_chars > length - 2)
return 0;
- if (num_chars > GSM0480_USSD_OCTET_STRING_LEN)
- num_chars = GSM0480_USSD_OCTET_STRING_LEN;
+ /* Drop messages with incorrect length */
+ if (num_chars > GSM0480_USSD_OCTET_STRING_LEN) {
+ LOGP(DLGLOBAL, LOGL_ERROR, "Incorrect USS_DATA data length=%u, "
+ "dropping message", num_chars);
+ return 0;
+ }
memcpy(req->ussd_text, uss_req_data + 2, num_chars);
@@ -588,9 +592,12 @@ static int parse_process_uss_req(const uint8_t *uss_req_data, uint16_t length,
/* Get the amount of bytes */
num_chars = uss_req_data[6];
- /* Prevent a mobile-originated buffer-overrun! */
- if (num_chars > GSM0480_USSD_OCTET_STRING_LEN)
- num_chars = GSM0480_USSD_OCTET_STRING_LEN;
+ /* Drop messages with incorrect length */
+ if (num_chars > GSM0480_USSD_OCTET_STRING_LEN) {
+ LOGP(DLGLOBAL, LOGL_ERROR, "Incorrect USS_REQ data length=%u, "
+ "dropping message", num_chars);
+ return 0;
+ }
/* Copy the data 'as is' */
memcpy(req->ussd_data, uss_req_data + 7, num_chars);
@@ -606,10 +613,6 @@ static int parse_process_uss_req(const uint8_t *uss_req_data, uint16_t length,
/* Calculate the amount of 7-bit characters */
num_chars = (num_chars * 8) / 7;
- /* Prevent a mobile-originated buffer-overrun! */
- if (num_chars > GSM0480_USSD_7BIT_STRING_LEN)
- num_chars = GSM0480_USSD_7BIT_STRING_LEN;
-
gsm_7bit_decode_n_ussd((char *)req->ussd_text,
sizeof(req->ussd_text), &(uss_req_data[7]), num_chars);