diff mbox series

[v2] smsutil: check that user data length fits in internal buffer

Message ID 20240812085134.74064-1-j.lemetayer@kerlink.fr (mailing list archive)
State Accepted
Commit 5209fd65ff41653d7725e407ccc359c54bb3121f
Headers show
Series [v2] smsutil: check that user data length fits in internal buffer | expand

Commit Message

Jean-Marie Lemetayer Aug. 12, 2024, 8:51 a.m. UTC 
This addresses CVE-2023-2794.
---
 src/smsutil.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

patchwork-bot+ofono@kernel.org Aug. 13, 2024, 7:40 p.m. UTC | #1 
Hello:

This patch was applied to ofono.git (master)
by Denis Kenzior <denkenz@gmail.com>:

On Mon, 12 Aug 2024 10:51:34 +0200 you wrote:
> This addresses CVE-2023-2794.
> ---
>  src/smsutil.c | 3 +++
>  1 file changed, 3 insertions(+)

Here is the summary with links:
  - [v2] smsutil: check that user data length fits in internal buffer
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=5209fd65ff41

You are awesome, thank you!
diff mbox series

Patch

diff --git a/src/smsutil.c b/src/smsutil.c
index 39f0ecc6..92d7f3c8 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -770,6 +770,9 @@  static gboolean decode_deliver(const unsigned char *pdu, int len,
 
 	expected = sms_udl_in_bytes(out->deliver.udl, out->deliver.dcs);
 
+	if (expected < 0 || expected > (int)sizeof(out->deliver.ud))
+		return FALSE;
+
 	if ((len - offset) < expected)
 		return FALSE;