Daniel Willmann
1fc8ec66a3
The size parameter of msgb_alloc is uint16_t so any length value above 65535 will allocate a msgb with incorrect size. This patch changes the type of rdlen and rc to ssize_t (the return value of read) and guards against the read length being larger than UINT16_MAX. To reproduce the issue run: echo -en "\x00\x01\x00\x01\x01" |socat stdin tcp:localhost:2775 |
||
---|---|---|
.. | ||
gprs | ||
ipaccess | ||
libbsc | ||
libcommon | ||
libctrl | ||
libgb | ||
libmgcp | ||
libmsc | ||
libtrau | ||
osmo-bsc | ||
osmo-bsc_mgcp | ||
osmo-bsc_nat | ||
osmo-nitb | ||
utils | ||
Makefile.am |