Message ID | 1434362142-12650-1-git-send-email-holger@freyther.de |
---|---|
State | Accepted |
Headers | show |
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c index 4357485..537001e 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_nat.c +++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c @@ -1185,7 +1185,7 @@ exit: send_reset_ack(bsc); } else if (parsed->ipa_proto == IPAC_PROTO_IPACCESS) { /* do we know who is handling this? */ - if (msg->l2h[0] == IPAC_MSGT_ID_RESP) { + if (msg->l2h[0] == IPAC_MSGT_ID_RESP && msgb_l2len(msg) > 2) { struct tlv_parsed tvp; int ret; ret = ipa_ccm_idtag_parse(&tvp,
From: Holger Hans Peter Freyther <holger@moiji-mobile.com> The msgb will always have these bytes but it is better practice to verify that the message really has space for the two bytes. --- openbsc/src/osmo-bsc_nat/bsc_nat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)