[v3] smsutil: Validate the length of the address field

Message ID 20231229103004.78670-1-d.grigorev@omp.ru (mailing list archive)
State Accepted, archived

Commit Message

Denis Grigorev Dec. 29, 2023, 10:30 a.m. UTC
This addresses CVE-2023-4233.
---
 v1 -> v2: Validate Address-Length instead of comparing with mem size.
 v2 -> v3: Remove extra space

 src/smsutil.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Denis Kenzior Jan. 2, 2024, 5:19 p.m. UTC | #1
Hi Denis,

On 12/29/23 04:30, Denis Grigorev wrote:
> This addresses CVE-2023-4233.
> ---
>   v1 -> v2: Validate Address-Length instead of comparing with mem size.
>   v2 -> v3: Remove extra space
> 
>   src/smsutil.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 

Applied, thanks.

Regards,
-Denis

Patch

diff --git a/src/smsutil.c b/src/smsutil.c
index c25dbdbf..27c5065a 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -627,6 +627,10 @@  gboolean sms_decode_address_field(const unsigned char *pdu, int len,
 	if (!next_octet(pdu, len, offset, &addr_len))
 		return FALSE;
 
+	/* According to 23.040 9.1.2.5 Address-Length must not exceed 20 */
+	if (addr_len > 20)
+		return FALSE;
+
 	if (sc && addr_len == 0) {
 		out->address[0] = '\0';
 		return TRUE;
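
Review bot: The new `if (addr_len > 20)` check runs before the `sc` distinction, so the one limit taken from 23.040 9.1.2.5 is applied to both the service-centre and the ordinary address case; if the length field is counted in a different unit when `sc` is set, 20 may not be the right bound there, and the check should either be split per case or the comment should say why 20 is safe for both. The literal 20 would also be better as a named constant defined next to the declaration of `out->address`, so the accepted length and the destination buffer size cannot drift apart. The commit message gives only the CVE number; one sentence on what an oversized Address-Length led to before this check would help anyone backporting the fix.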