diff mbox series

[2/2] huaweimodem: ussd: ensure ussd content fits in buffer

Message ID 20241216110106.567830-2-absicsz@gmail.com (mailing list archive)
State Under Review
Headers show
Series [1/2] speedupmodem: ussd: ensure ussd content fits in buffer | expand

Commit Message

Sicelo A. Mhlongo Dec. 16, 2024, 11 a.m. UTC 
Additional fix for CVE-2024-7539
---
 drivers/huaweimodem/ussd.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/drivers/huaweimodem/ussd.c b/drivers/huaweimodem/ussd.c
index 5e1c9078..1e246e5d 100644
--- a/drivers/huaweimodem/ussd.c
+++ b/drivers/huaweimodem/ussd.c
@@ -38,7 +38,7 @@  static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
 	int status;
 	int dcs = 0;
 	const char *content;
-	unsigned char msg[160];
+	unsigned char msg[160] = {0};
 	const unsigned char *msg_ptr = NULL;
 	long msg_len;
 
@@ -55,6 +55,10 @@  static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
 
 	g_at_result_iter_next_number(&iter, &dcs);
 
+	if (strlen(content) > sizeof(msg) * 2)
+		goto out;
+	}
+
 	msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
 
 out: