diff mbox series

[2/4] smsutil: ensure the address length in bytes <= 10

Message ID: 20240229180746.1671015-2-denkenz@gmail.com (mailing list archive)
State: Accepted
Commit: a90421d8e45d63b304dc010baba24633e7869682
Series: [1/4] voicecall: Drop unused GError variables

Commit Message

Denis Kenzior Feb. 29, 2024, 6:07 p.m. UTC
If a specially formatted SMS is received, it is conceivable that the
address length might overflow the structure it is being parsed into.
Ensure that the length in bytes of the address never exceeds 10.
---
 src/smsutil.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Patch

diff --git a/src/smsutil.c b/src/smsutil.c
index 954f92df2c0d..e89b4567f9f4 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -643,7 +643,12 @@  gboolean sms_decode_address_field(const unsigned char *pdu, int len,
 	else
 		byte_len = (addr_len + 1) / 2;
 
-	if ((len - *offset) < byte_len)
+	/*
+	 * 23.040:
+	 * The maximum length of the full address field
+	 * (AddressLength, TypeofAddress and AddressValue) is 12 octets.
+	 */
+	if ((len - *offset) < byte_len || byte_len > 10)
 		return FALSE;
 
 	out->number_type = bit_field(addr_type, 4, 3);
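
Review bot: The new bound in `if ((len - *offset) < byte_len || byte_len > 10)` is a bare literal 10, while the comment directly above it cites 12 octets, so the reader has to work out that 12 minus the AddressLength and TypeofAddress octets leaves 10 for AddressValue. Suggest stating that subtraction in the comment and replacing the literal with a named constant, or with a bound derived from the size of the destination field in `out`, so the check cannot drift from the structure it protects. The commit message gives the goal as preventing an overflow of that structure, but nothing visible in the hunk ties 10 to its size.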