authorDenis Kenzior <denkenz@gmail.com>2024-02-29 11:18:25 -0600
committerDenis Kenzior <denkenz@gmail.com>2024-02-29 11:33:19 -0600
commita90421d8e45d63b304dc010baba24633e7869682 (patch)
tree1662a01ce8dc37726c1b14a59edfa9d95291ed6c
parent8165dc6c175f1d355b3c6e1f305d541fffbce895 (diff)
downloadofono-a90421d8e45d63b304dc010baba24633e7869682.tar.gz
smsutil: ensure the address length in bytes <= 10
If a specially formatted SMS is received, it is conceivable that the address length might overflow the structure it is being parsed into. Ensure that the length in bytes of the address never exceeds 10.
-rw-r--r--src/smsutil.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/smsutil.c b/src/smsutil.c
index 954f92df2..e89b4567f 100644
--- a/src/smsutil.c
+++ b/src/smsutil.c
@@ -643,7 +643,12 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len,
else
byte_len = (addr_len + 1) / 2;
- if ((len - *offset) < byte_len)
+ /*
+ * 23.040:
+ * The maximum length of the full address field
+ * (AddressLength, TypeofAddress and AddressValue) is 12 octets.
+ */
+ if ((len - *offset) < byte_len || byte_len > 10)
return FALSE;
out->number_type = bit_field(addr_type, 4, 3);
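Review bot: The `10` in the new condition `byte_len > 10` is a bare literal, and the comment above it quotes a 12-octet limit without saying how 10 follows from it. Add one line to the comment, for example `* AddressValue alone is therefore at most 10 octets.`, or give the limit a named constant. The bound is also the specification limit rather than the size of the field in `out` that the commit message says can overflow. That structure is declared outside the hunk, and the function body continues past it, so it is worth confirming that 10 octets of input still fits the destination for every address type decoded further down. The diffstat shows only src/smsutil.c changed, so a unit test that feeds a PDU with an over-long address length would keep this check from regressing.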