bssap_conn: fix missing length check
Fixes: Coverity CID#273004 Change-Id: I1fc4c81e139bab3d7d977ef9467f62d8088884db
This commit is contained in:
parent
07180351c4
commit
c732e25604
|
@ -18,6 +18,7 @@
|
|||
*/
|
||||
|
||||
#include "config.h"
|
||||
#include <errno.h>
|
||||
#include <osmocom/core/msgb.h>
|
||||
#include <osmocom/gsm/gsm0808.h>
|
||||
#include <osmocom/sigtran/sccp_helpers.h>
|
||||
|
@ -25,6 +26,9 @@
|
|||
#include <osmocom/bsc_nat/subscr_conn.h>
|
||||
#include <osmocom/bsc_nat/subscr_conn_fsm.h>
|
||||
|
||||
#define IP_V4_ADDR_LEN 4
|
||||
#define IP_V6_ADDR_LEN 16
|
||||
|
||||
int bssmap_replace_ie_aoip_transp_addr(struct msgb **msg, struct sockaddr_storage *ss)
|
||||
{
|
||||
struct msgb *msg_new;
|
||||
|
@ -50,6 +54,22 @@ int bssmap_replace_ie_aoip_transp_addr(struct msgb **msg, struct sockaddr_storag
|
|||
return rv;
|
||||
}
|
||||
|
||||
if (tag == GSM0808_IE_AOIP_TRASP_ADDR) {
|
||||
switch (ss->ss_family) {
|
||||
case AF_INET:
|
||||
len = IP_V4_ADDR_LEN;
|
||||
break;
|
||||
case AF_INET6:
|
||||
len = IP_V6_ADDR_LEN;
|
||||
}
|
||||
}
|
||||
|
||||
if (len >= msgb_tailroom(msg_new)) {
|
||||
LOGP(DMAIN, LOGL_ERROR, "Tailroom too small to encode tag %d into copy of bssmap msg\n", tag);
|
||||
msgb_free(msg_new);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (tag == GSM0808_IE_AOIP_TRASP_ADDR)
|
||||
rc = gsm0808_enc_aoip_trasp_addr(msg_new, ss);
|
||||
else
|
||||
|
|
Loading…
Reference in New Issue