Osmocom Mobile Switching Centre
Daniel Willmann b6f01e77b1 smpp_smsc: Check that the size is large enough to hold actual data
The first 4 bytes are the length including the length field. For
length < 4 the subsequent msgb_put(msg, sizeof(uint32_t)) will fail,
resulting in an abort. The code also expects (in smpp_msgb_cmdid()) the
existence of 4 more bytes for the SMPP command ID.

This patch checks that the length received is large enough to hold all
8 bytes in the msgb and drops the connection if that's not the case.

The issue is reproducible with:
echo -e "\x00\x00\x00\x02\x00" |socat stdin tcp:localhost:2775
2014-03-06 23:20:30 +01:00
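
The check this commit message describes, as an added stand-alone example; it is not the OpenBSC code and does not use msgb. It validates the peer-supplied length before anything is sized from it. All names are hypothetical, and the 4096-byte upper bound is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; not taken from OpenBSC. */
#define SMPP_LEN_FIELD   4u   /* command_length, counts itself */
#define SMPP_CMDID_FIELD 4u   /* command_id follows directly */
#define SMPP_MIN_PDU     (SMPP_LEN_FIELD + SMPP_CMDID_FIELD)
#define SMPP_MAX_PDU     4096u /* assumed receive buffer size */

enum pdu_check { PDU_OK, PDU_NEED_MORE, PDU_DROP };

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decide what to do with the bytes received so far on one connection.
 * On PDU_OK, *pdu_len is the full PDU size and *cmd_id the command ID. */
enum pdu_check smpp_check_header(const uint8_t *buf, size_t have,
                                 uint32_t *pdu_len, uint32_t *cmd_id)
{
    uint32_t len;

    if (have < SMPP_LEN_FIELD)
        return PDU_NEED_MORE;   /* length field not complete yet */

    len = read_be32(buf);
    /* Too short for length + command ID, or larger than the buffer. */
    if (len < SMPP_MIN_PDU || len > SMPP_MAX_PDU)
        return PDU_DROP;        /* caller closes the connection */

    if (have < len)
        return PDU_NEED_MORE;   /* header plausible, body pending */

    *pdu_len = len;
    *cmd_id = read_be32(buf + SMPP_LEN_FIELD);
    return PDU_OK;
}

/* Constructed sample: the five escaped bytes from the reproducer above. */
static const uint8_t sample_short[] = { 0x00, 0x00, 0x00, 0x02, 0x00 };

int main(void)
{
    uint32_t len, id;
    return smpp_check_header(sample_short, sizeof(sample_short),
                             &len, &id) == PDU_DROP ? 0 : 1;
}
```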
debian debian: Enable hardening for the OpenBSC packages 2013-12-12 13:08:26 +01:00
hlrsync hlrsync: Sync SMS from the web db to the hlr. 2009-08-14 21:33:34 +02:00
linux-kernel new kernel patch for multiple virtual interfaces 2009-08-10 23:36:53 +02:00
openbsc smpp_smsc: Check that the size is large enough to hold actual data 2014-03-06 23:20:30 +01:00
wireshark Fix bogus message labelling in wireshark OML dissector 2011-09-19 09:19:09 +02:00
README first commit 2011-02-05 20:26:25 +01:00

README