author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-10-11 09:23:50 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-10-11 09:26:20 +0200 |
commit | d65a6985bf16e9a4b80e4e6dede1f1207f46f944 (patch) | |
tree | 9c6d34dcbb978bcb453264f3f8fa6b12904246af /src | |
parent | 7d0bce3dfb74de01ccd1dc5535ee56e38ccad38a (diff) |
ussd: Make sure that we at least have 8 bytes when decoding the string
The actual gsm_7bit_decode can still cause a buffer overrun
but at least we are safe until this point.
Diffstat (limited to 'src')
-rw-r--r-- | src/gsm0480.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/gsm0480.c b/src/gsm0480.c
index 73be8acd..4b1471f1 100644
--- a/src/gsm0480.c
+++ b/src/gsm0480.c
@@ -386,6 +386,12 @@ static int parse_process_uss_req(const uint8_t *uss_req_data, uint16_t length,
 int num_chars;
 uint8_t dcs;
+
+ /* we need at least that much */
+ if (length < 8)
+ return 0;
+
+
 if (uss_req_data[0] == GSM_0480_SEQUENCE_TAG) {
 if (uss_req_data[2] == ASN1_OCTET_STRING_TAG) {
 dcs = uss_req_data[4]; |
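Review bot: The `length < 8` guard bounds only the fixed-offset reads that follow (`uss_req_data[0]`, `[2]` and `[4]` are visible here); it does not bound any length field carried inside the message, and the commit message itself says the later `gsm_7bit_decode` call can still overrun. Before that call, the character count derived from the message (presumably what `num_chars` holds) should be checked against the bytes remaining in `length` and against the capacity of the destination buffer, returning early as this guard does when it does not fit. The rest of `parse_process_uss_req` lies outside the hunk, so the exact offsets need to be confirmed there. The comment would also help more if it said what the constant covers, e.g. `/* fixed header: every constant index read below must be < 8 */`, once that has been verified against the full function.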