[1/8] nat: Add size check for the payload

Message ID	1434362142-12650-1-git-send-email-holger@freyther.de
State	Accepted
Headers	show Return-Path: <openbsc-bounces@lists.osmocom.org> From: Holger Hans Peter Freyther <holger@freyther.de> To: openbsc@lists.osmocom.org Subject: [PATCH 1/8] nat: Add size check for the payload Date: Mon, 15 Jun 2015 11:55:35 +0200 Message-Id: <1434362142-12650-1-git-send-email-holger@freyther.de> Precedence: list Errors-To: openbsc-bounces@lists.osmocom.org Sender: "OpenBSC" <openbsc-bounces@lists.osmocom.org>

Message ID

1434362142-12650-1-git-send-email-holger@freyther.de

State

Accepted

Headers

From: Holger Hans Peter Freyther <holger@freyther.de>
To: openbsc@lists.osmocom.org
Subject: [PATCH 1/8] nat: Add size check for the payload
Date: Mon, 15 Jun 2015 11:55:35 +0200
Message-Id: <1434362142-12650-1-git-send-email-holger@freyther.de>
Precedence: list
Errors-To: openbsc-bounces@lists.osmocom.org
Sender: "OpenBSC" <openbsc-bounces@lists.osmocom.org>

Commit Message

Holger Freyther June 15, 2015, 9:55 a.m. UTC

From: Holger Hans Peter Freyther <holger@moiji-mobile.com>

The msgb will always have these bytes but it is better practice
to verify that the message really has space for the two bytes.
---
 openbsc/src/osmo-bsc_nat/bsc_nat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 4357485..537001e 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -1185,7 +1185,7 @@  exit:
 		send_reset_ack(bsc);
 	} else if (parsed->ipa_proto == IPAC_PROTO_IPACCESS) {
 		/* do we know who is handling this? */
-		if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
+		if (msg->l2h[0] == IPAC_MSGT_ID_RESP && msgb_l2len(msg) > 2) {
 			struct tlv_parsed tvp;
 			int ret;
 			ret = ipa_ccm_idtag_parse(&tvp,

[1/8] nat: Add size check for the payload

Commit Message

Patch