diff mbox series

[1/2] smsutil: check deliver reports fit in buffer

Message ID 20241204082207.24692-1-absicsz@gmail.com (mailing list archive)
State Accepted
Commit 02aa0f9bad3d9e47a152fc045d0f51874d901d7e
Headers show
Series [1/2] smsutil: check deliver reports fit in buffer | expand

Commit Message

Sicelo Dec. 4, 2024, 8:18 a.m. UTC 
Fixes CVE-2023-4235
---
 src/smsutil.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

patchwork-bot+ofono@kernel.org Dec. 4, 2024, 6:20 p.m. UTC | #1 
Hello:

This series was applied to ofono.git (master)
by Denis Kenzior <denkenz@gmail.com>:

On Wed,  4 Dec 2024 10:18:51 +0200 you wrote:
> Fixes CVE-2023-4235
> ---
>  src/smsutil.c | 6 ++++++
>  1 file changed, 6 insertions(+)

Here is the summary with links:
  - [1/2] smsutil: check deliver reports fit in buffer
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=02aa0f9bad3d
  - [2/2] smsutil: check status report fits in buffer
    https://git.kernel.org/pub/scm/network/ofono/ofono.git/?id=2ff2da7ac374

You are awesome, thank you!
diff mbox series

Patch

diff --git a/src/smsutil.c b/src/smsutil.c
index 8f578c22..bdb1d04f 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -1226,10 +1226,16 @@  static gboolean decode_deliver_report(const unsigned char *pdu, int len,
 			return FALSE;
 
 		if (out->type == SMS_TYPE_DELIVER_REPORT_ERROR) {
+			if (expected > (int) sizeof(out->deliver_err_report.ud))
+				return FALSE;
+
 			out->deliver_err_report.udl = udl;
 			memcpy(out->deliver_err_report.ud,
 					pdu + offset, expected);
 		} else {
+			if (expected > (int) sizeof(out->deliver_ack_report.ud))
+				return FALSE;
+
 			out->deliver_ack_report.udl = udl;
 			memcpy(out->deliver_ack_report.ud,
 					pdu + offset, expected);