[v2] smsutil: Validate the length of the address field

Message ID	20231228095152.68478-1-d.grigorev@omp.ru (mailing list archive)
State	Superseded
Headers	show Received: from mx01.omp.ru (mx01.omp.ru [90.154.21.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05FE963A8 for <ofono@lists.linux.dev>; Thu, 28 Dec 2023 09:52:33 +0000 (UTC) From: Denis Grigorev <d.grigorev@omp.ru> To: <ofono@lists.linux.dev> CC: <denkenz@gmail.com>, <d.grigorev@omp.ru> Subject: [PATCH v2] smsutil: Validate the length of the address field Date: Thu, 28 Dec 2023 12:51:52 +0300 Message-ID: <20231228095152.68478-1-d.grigorev@omp.ru> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain on: 12/28/2023 09:09:14 from: d.grigorev@omp.ru bases: 12/28/2023 3:33:00 AM X-KSE-Attachment-Filter-Triggered-Rules: Clean X-KSE-Attachment-Filter-Triggered-Filters: Clean X-KSE-BulkMessagesFiltering-Scan-Result: InTheLimit
Series	[v2] smsutil: Validate the length of the address field \| expand [v2] smsutil: Validate the length of the address field

Message ID

20231228095152.68478-1-d.grigorev@omp.ru (mailing list archive)

State

Superseded

Headers

From: Denis Grigorev <d.grigorev@omp.ru>
To: <ofono@lists.linux.dev>
CC: <denkenz@gmail.com>, <d.grigorev@omp.ru>
Subject: [PATCH v2] smsutil: Validate the length of the address field
Date: Thu, 28 Dec 2023 12:51:52 +0300
Message-ID: <20231228095152.68478-1-d.grigorev@omp.ru>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-KSE-Attachment-Filter-Triggered-Filters: Clean
X-KSE-BulkMessagesFiltering-Scan-Result: InTheLimit

Series

[v2] smsutil: Validate the length of the address field | expand

Commit Message

Denis Grigorev Dec. 28, 2023, 9:51 a.m. UTC

This addresses CVE-2023-4233.
---
 src/smsutil.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/smsutil.c b/src/smsutil.c
index c25dbdbf..77ab0ff1 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -627,6 +627,10 @@  gboolean sms_decode_address_field(const unsigned char *pdu, int len,
 	if (!next_octet(pdu, len, offset, &addr_len))
 		return FALSE;
 
+	/* According to 23.040 9.1.2.5 Address-Length must not exceed 20 */
+	 if (addr_len > 20)
+		return FALSE;
+
 	if (sc && addr_len == 0) {
 		out->address[0] = '\0';
 		return TRUE;

[v2] smsutil: Validate the length of the address field

Commit Message

Patch