cellular-infrastructure
/
osmo-msc
mirror of https://gerrit.osmocom.org/osmo-msc
9
0
Fork 0
Code Issues Releases Wiki Activity
Osmocom Mobile Switching Centre
4,334 Commits 88 Branches 106 Tags 41 MiB
C 96.9%
Python 1.2%
Makefile 1%
M4 0.5%
Shell 0.4%
Go to file
Daniel Willmann 1fc8ec66a3 smpp_smsc: Fix integer overflow in read return value and msgb_alloc() 
The size parameter of msgb_alloc is uint16_t so any length value above
65535 will allocate a msgb with incorrect size.

This patch changes the type of rdlen and rc to ssize_t (the return value
of read) and guards against the read length being larger than
UINT16_MAX.

To reproduce the issue run:
echo -en "\x00\x01\x00\x01\x01" |socat stdin tcp:localhost:2775
 		2014-03-06 23:20:30 +01:00
debian debian: Enable hardening for the OpenBSC packages 2013-12-12 13:08:26 +01:00
hlrsync hlrsync: Sync SMS from the web db to the hlr. 2009-08-14 21:33:34 +02:00
linux-kernel new kernel patch for multiple virtual interfaces 2009-08-10 23:36:53 +02:00
openbsc smpp_smsc: Fix integer overflow in read return value and msgb_alloc() 2014-03-06 23:20:30 +01:00
wireshark Fix bogus message labelling in wireshark OML dissector 2011-09-19 09:19:09 +02:00
README first commit 2011-02-05 20:26:25 +01:00

README