From 5e76ce61ace28a99f402c3d73fd74d855c6ec40d Mon Sep 17 00:00:00 2001
From: Holger Freyther
Date: Sun, 4 Jan 2009 20:15:12 +0000
Subject: [PATCH] Some simple size check. We would not overflow but would send garbage Check the size
---
 src/telnet_interface.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/telnet_interface.c b/src/telnet_interface.c
index ddbbc5849..a25c9bb43 100644
--- a/src/telnet_interface.c
+++ b/src/telnet_interface.c
@@ -204,12 +204,19 @@ void telnet_send_gsm_48(struct telnet_connection *connection) {
 static const char* error[] = { "48: IMSI not found\n", "48: No channel allocated for IMSI\n" };
+ int ret;
 struct gsm_bts *bts = &connection->network->bts[connection->bts];
 struct gsm_lchan *lchan = find_channel(bts, connection->imsi, error, connection->fd.fd);
 if (!lchan) return;
+ if (connection->read < 2) {
+ static const char *msg = "48: Need at least two bytes";
+ ret = write(connection->fd.fd, msg, strlen(msg));
+ return;
+ }
+
 struct msgb *msg = gsm48_msgb_alloc();
 struct gsm48_hdr *gh;
 int i;
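Review bot: The new rejection string `"48: Need at least two bytes"` has no trailing `\n`, unlike the two `error[]` strings at the top of the function, so on the telnet session it will run straight into whatever is printed next. I would write `static const char *err = "48: Need at least two bytes\n";`, which also avoids reusing the name `msg` that the function declares as `struct msgb *msg` immediately after this block. `ret` is assigned from `write()` but never read in the visible lines, so a failed or short write to the client goes unnoticed; either handle a negative or short return, or add a comment saying the result is deliberately ignored. Whether a lower bound of 2 is sufficient can only be judged against the code that consumes the `connection->read` bytes, which lies outside this hunk along with the rest of the function body.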