cbsp: Fix decoding of WRITE-REPLACE payload

The user length is the first IE *in* the fixed-length TV, make sure cbsp_dec_write_repl() respects that. Change-Id: I864cafac2466a89a4bd9644bc73363fff2babd03
author: Harald Welte <laforge@gnumonks.org> 2019-09-01 22:30:58 +0200
committer: Harald Welte <laforge@gnumonks.org> 2019-09-01 22:32:24 +0200
commit: e674c44c3073705ae46b668cd86100bd9c90db98 (patch)
tree: c4d957fb9b27de4e266c02c4cc004b2c7dca39d3
parent: 3097bcec581c9c4a39cd69ffd3a5b878c86bac81 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/gsm/cbsp.c b/src/gsm/cbsp.c
index 591ff251..ccc2df53 100644
--- a/src/gsm/cbsp.c
+++ b/src/gsm/cbsp.c
@@ -687,8 +687,8 @@ static int cbsp_dec_write_repl(struct osmo_cbsp_write_replace *out, const struct
 			}
 			page = talloc_zero(ctx, struct osmo_cbsp_content);
 			OSMO_ASSERT(page);
-			page->user_len = *(ie-1); /* length byte before payload */
-			memcpy(page->data, ie, sizeof(page->data));
+			page->user_len = ie[0]; /* length byte before payload */
+			memcpy(page->data, ie+1, sizeof(page->data));
 			llist_add_tail(&page->list, &out->u.cbs.msg_content);
 		}
 	} else {
author	Harald Welte <laforge@gnumonks.org>	2019-09-01 22:30:58 +0200
committer	Harald Welte <laforge@gnumonks.org>	2019-09-01 22:32:24 +0200
commit	e674c44c3073705ae46b668cd86100bd9c90db98 (patch)
tree	c4d957fb9b27de4e266c02c4cc004b2c7dca39d3
parent	3097bcec581c9c4a39cd69ffd3a5b878c86bac81 (diff)