cbsp: Fix decoding of WRITE-REPLACE payload

The user length is the first IE *in* the fixed-length TV, make sure cbsp_dec_write_repl() respects that. Change-Id: I864cafac2466a89a4bd9644bc73363fff2babd03
2019-09-01 22:30:58 +02:00 · 2019-09-01 22:30:58 +02:00 · e674c44c30
parent 3097bcec58
commit e674c44c30
1 changed files with 2 additions and 2 deletions
--- a/src/gsm/cbsp.c
+++ b/src/gsm/cbsp.c
@ -687,8 +687,8 @@ static int cbsp_dec_write_repl(struct osmo_cbsp_write_replace *out, const struct
 			}
 			page = talloc_zero(ctx, struct osmo_cbsp_content);
 			OSMO_ASSERT(page);
-			page->user_len = *(ie-1); /* length byte before payload */
-			memcpy(page->data, ie, sizeof(page->data));
+			page->user_len = ie[0]; /* length byte before payload */
+			memcpy(page->data, ie+1, sizeof(page->data));
 			llist_add_tail(&page->list, &out->u.cbs.msg_content);
 		}
 	} else {